Thanks Thomas. This is good to know. I didn't realize. I saw one out on the web and tried to make my own for fun. Why do you think it's considered an antipattern?
Those restrictions don't make passwords more secure, annoy everyone, and make using password generators (hence password managers) harder. NIST, NCSC, etc. recommend against them.
Thanks Thomas. This is good to know. I didn't realize. I saw one out on the web and tried to make my own for fun. Why do you think it's considered an antipattern?
Those restrictions don't make passwords more secure, annoy everyone, and make using password generators (hence password managers) harder. NIST, NCSC, etc. recommend against them.
See troyhunt.com/passwords-evolved-aut... for example.
That's super interesting. Thanks Thomas. I am updating this blog to reflect your suggestion.