On 12/18/2016 05:54 PM, ilf wrote: > Brian Candler: >> Furthermore, despite consuming so much entropy, it doesn't even >> guarantee that every password generated has at least one upper-case, >> lower-case, digit and symbol - i.e. the password may still be rejected >> by many websites! > > Websites that impose such complexity requirements are not following the > NIST Digital Authentication Guidelines:
Yeah, but that's beside the point. If the majority of websites (including really big sites), impose such requirements, then they'll impose such requirements until the time they stop doing it. Rejecting reality won't get you far in that case. But, like Jason said, most users will get around those requirements by just kinda randomly inserting a number or upper-case letter into the generated password. Especially considering the likely userbase of pass, the proposed process should generally suffice. -- www.lackerbauer.com 8A86 BD14 1859 44F2 5B83 6908 4B81 EE5D 6A56 A4DE _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
