Evaluate the 12-character password requirement #253
Assignees
Comments
|
@adhilto I will talk to our team as I was not around when that policy was initially created. |
|
@adhilto I am wondering if they got that number from this Google article: |
|
@adhilto After discussion internally, we are going to keep it at minimum as 12 and cited the google recommendation from the article above. Even though NIST says 8 characters, Google says 12 and DISA standards is 15. |
jkaufman-mitre
added
No Changes Needed
Common Controls
and removed
Pending TCO Lead Review
labels
|
Recommend we add that link and add to the rationale where the number came from. As the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With regard to GWS.COMMONCONTROLS.5.2, what is the motivation for the number 12? More is obviously stronger, but NIST guidance specifies 8 characters (https://pages.nist.gov/800-63-3/sp800-63b.html). Is there a specific reason we're deviating from NIST guidance (beyond "more is better")?
The text was updated successfully, but these errors were encountered: