Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • nyan@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    Unfortunately, it’s rare that we can control what hashing algorithm is being used to secure the passwords we enter. I merely pray that any account that also holds my credit card data or other important information isn’t using MD5. Some companies still don’t take cybersecurity seriously.

    • xthexder@l.sw0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 month ago

      Storing credit card data has its own set of strict security rules that need to be followed. It’s also the credit card company’s problem, not yours, as long as you dispute any fraudulent charges early enough.

      I’m coming at this from the perspective of a developer. A user can always use a longer password (and you should), but it’s technically possible to make an 8 character password secure, thus the NIST recommend minimum.