Copy this bookmark:



bookmark detail

Google Cloud Platform Blog: 12 best practices for user account, authorization and password management
NIST has recently updated guidelines on password complexity and strength. Since you are (or will be very soon) using a strong cryptographic hash for password storage, a lot of problems are solved for you. Hashes will always produce a fixed-length output no matter the input length, so your users should be able to use passwords as long as they like. If you must cap password length, only do so based on the maximum POST size allowable by your servers. This is commonly well above 1MB. Seriously.
security  howto  blog 
february 2018 by janpeuker
view in context