-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Evaluate the 12-character password requirement #253
Comments
@adhilto I will talk to our team as I was not around when that policy was initially created. |
@adhilto I am wondering if they got that number from this Google article: |
@adhilto After discussion internally, we are going to keep it at minimum as 12 and cited the google recommendation from the article above. Even though NIST says 8 characters, Google says 12 and DISA standards is 15. |
Recommend we add that link and add to the rationale where the number came from. As the |
With regard to GWS.COMMONCONTROLS.5.2, what is the motivation for the number 12? More is obviously stronger, but NIST guidance specifies 8 characters (https://pages.nist.gov/800-63-3/sp800-63b.html). Is there a specific reason we're deviating from NIST guidance (beyond "more is better")?
The text was updated successfully, but these errors were encountered: