Here is the text of the NIST sp800-63b Digital Identity Guidelines.

    • orclev@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 month ago

      Banks usually have the absolute worst password policies. It’s typically because their backend is some crusty mainframe from the 80s that limits inputs to something absurdly insecure by today’s standards and they’ve kicked the upgrade can down the road for so long now that it’s a staggeringly monumental task to rewrite it all. Thankfully most of them have upgraded at this point, but every now and then you still find one that’s got ridiculous limits like a maximum password length of 8 and only alphanumeric characters (with no 2FA obviously).