Are we really starting this shit here?
Everything on the internet is a repost. Calling it out adds nothing worthwhile to the conversation and just derails any conversation.
Are we really starting this shit here?
Everything on the internet is a repost. Calling it out adds nothing worthwhile to the conversation and just derails any conversation.
Best practice in 2023 is a simple, sufficiently long but memorable passphrase. Excessive requirements mean users just create weak passwords with patterns.
[Capital letter]basic word(number){special character}Enforcing password changes doesnt help either. It just creates further patterns. The vast majority of compromised credentials are used immediately or within a short time frame anyway. Changing the password 2 months later isnt going to help and passwords like July2023!, which are common, are weak to begin with.
A non expiring, long, easily remembered passphase like
forgetting-spaghetti-toad-boxIs much more secure than a short password with enforced complexity requirements.