Any #infosec folks wanna help me with some decent data to back up the following point? I am trying to make the point to some executives that a #password policy requiring minimum 8 characters with 1 symbol, mixed case, and 1 number is just not reasonable in 2025. (I'm commenting on another company's policy, not my own!)
What is a good example of a policy (e.g., NIST 800-63 or whatever) that said 49 bits was no good?
I currently say: 49 bits of entropy was unacceptably low in 2005. It is unthinkably low in 2025. What can I point to that might resonate better than "bits of entropy?"
Using the classic method with Shannon's estimate, I figure it's on the order of 49 bits of entropy, but that's only if it's purely random from the full character set, and we know that's not true.
I'm not looking for rhetorical suggestions. I'm good at rhetoric. I'm looking for references I can point to (like "XYZ published in 2011 that the minimum acceptable password was 56 bits of entropy")
feel free to boost for fun
#security #cybersecurity
I need a suggestion (or possibly confirmation) on what password manager to set up for my grandparents.
They’ve been using the same variant of one password for very long and are constantly forgetting it and resetting it to forget it again in a few months. I’ve offered to manage that for them but I’d like to use a separate password manager to the one I’m using (just so I don’t have all my eggs in one basket).
I’ve been using #protonpass since it was launched in beta and have been very happy. I was thinking of setting up #vaultwarden on my #synology NAS and maybe self hosting. The only requirement is that I need to be able to share passwords with them or other family members without them needing an account.
Sometimes I think about possible reasons for disallowing certain characters in a #password. I never get very far, though. It too quickly gets too scary.
pCloudPass to Bitwarden Format
pCloud Pass (pCloudPass) does not use a standard CSV layout.
This Python 3 script converts the exported CSV file into a format compatible with the Bitwarden password manager layout.
Released under a simple MIT License. Share, copy, use — Enjoy!
While I appreciate the #password requirements, I admit to being at a loss atm.
So is my @bitwarden
This dumb password rule is from Global Entry.
"Our duties are wide-ranging, and our goal is clear - keeping America safe."
This dumb password rule is from GoDaddy SFTP.
Max 14 characters for the most important password in your shared hosting environment.
It's always such a nail-biter with Bitwarden and Vaultwarden updates.
This time there were problems during the update.
Got it running again. But when the password manager stops working, it's pure chaos.
I think many people with password managers have set a password length of 42 characters.
#adams #douglas #paddg #theAnswer #theQuestion #security #sicherheit #ITSicherheit #password #passwort
This dumb password rule is from ING a dutch bank in almost 50 countries.
Max 20 characters, must have one number, one upper case character and one lower case character.
You can only use certain special characters.
When I asked about it they answered that it's really hard to change it.
When I asked if the password is saved as a hash or just plain they sent the answer to ...
https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/
This dumb password rule is from BCV.
Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.
Password can only be changed from the mobile application:
This dumb password rule is from Bendigo Bank.
**Exactly** eight characters.
This dumb password rule is from HM Revenue & Customs (UK Tax).
We store basically all of your data, but we can't store your password.
https://dumbpasswordrules.com/sites/hm-revenue-and-customs-uk-tax/
"I replaced my #Microsoft account #password with a #passkey - and you should, too"
This dumb password rule is from Walmart.
Your password must include the following:
- 8-100 characters
- Upper & lowercase letters
- At least one number or special character
This dumb password rule is from Air Miles.
- Exactly 4 numbers.