A complete guide to the new 2025 NIST password guidelines – Proton

14 points by DavideNL 2 months ago · 2 comments

Reader

nerdsniper 2 months ago

Why have a maximum of 64 characters?

MonstraG 2 months ago

Yea, I think they (proton) just didn't properly read (misunderstood) the guidelines.
> 3.1.1.2 Password Verifiers
> ...
> 2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
In other words, if you want to put a max length, don't put 20, put at least 64.