Minimum Password Length #730

whitehacklabs · 2020-04-09T12:09:19Z

Why ASVS V4 requires 12 character password length while NIST SP800-63b requires 8

jmanico · 2020-04-09T12:14:26Z

We are going with other industry guidance. This is the one area we deviated SP800-63b on purpose. If this harms your efforts we advise forking the standard. Frankly ASVS is more of a framework than a standard and we encourage forking for individual needs!

…

-- Jim Manico @manicode

On Apr 9, 2020, at 8:09 AM, WhiteHackLabs ***@***.***> wrote: Why ASVS V4 requires 12 character password length while NIST SP800-63b requires 8 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

whitehacklabs · 2020-04-09T12:15:38Z

Thanks

whitehacklabs closed this as completed Apr 9, 2020

elarlang mentioned this issue Apr 12, 2020

Discussion: rules for password format and content #683

Closed

maizuka mentioned this issue Mar 11, 2021

Reconsider minimal length of passwords #913

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Minimum Password Length #730

Minimum Password Length #730

whitehacklabs commented Apr 9, 2020

jmanico commented Apr 9, 2020 via email

whitehacklabs commented Apr 9, 2020

Minimum Password Length #730

Minimum Password Length #730

Comments

whitehacklabs commented Apr 9, 2020

jmanico commented Apr 9, 2020 via email

whitehacklabs commented Apr 9, 2020