Bad Password Rule

This is how you do it! Only pw rules that add security. Plus a security "meter". Fun fact: even 64 chars long, a password of all `a` doesn't pass security meter and enable button. #goodpasswordrule @cartainc

@BadPasswordRule Hi, Thank you for your feedback. We have passed this along to our dev team. thx, Jay @ MassMutual

@Authy It's a golden rule: you never want to have a single attack vector to break all your security. Password managers are just as bad an idea.

More cargo cult password rules: making the user change their password if there were too many bad login attempts.

Why are so many password rules bad and arbitrarily? Because... reasons. troyhunt.com/3-reasons-your…

@massmutual ...Worse part is new pw field doesn't error if you copy paste more than 12 chars. So when you go to use new pw, login fails =( twitter.com/BadPasswordRul…

@massmutual 12 chars max? Why?...

;) twitter.com/marimbatalk/st…

I was about to register with @SW_Trains, but then I saw their password rules... #BadPasswordRules

Gah password rule "no spaces allowed". #antisecurity

You fuckin retarded, @comcastcares? Did you change rule on what length pword need to be? CANT CHANGE NEW PASSWORD BECAUSE OLD IS TOO SHORT⁉️

@USPS @USPSHelp Rules that make passwords LESS random are less secure.

@Aetna Your password rules just rejected 50 character securely generated password because some characters repeat. #BadPasswordRules

@Aetna Also, your password rules are limited to 20 characters (bad!) and the error doesn't report that. #BadPasswordRules

NIST’s password guidance is good advice. Longer and unique is better. Hints, expiration and composition rules are bad. twitter.com/philipbsugg/st…

Top 3 stupid password rules. Bad: "must contain a symbol" Worse: "must change every 3 months" Worst: "cannot exceed 12 characters"

WebDev's underestimate pain caused by bad password generation pages. Feeding pw rules to users one at a time sucks! A lot of people give up.

@AppleSupport thx this helped

@SRTA_PeachPass srsly?