Re: It has to be said
@4, there is a better way called WebAuthn for the web at least (for non-web systems, there isn't really a "standard" that I know of). However, WebAuthn will take a long time to adopt, and it undoubtedly won't be supported across all websites. Passwords will still be needed.
Also, those password requirements you listed were redacted by NIST in NIST SP 800-63. They were changed significantly to only require a minimum length policy.
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector