Anyone still including special characters is behind the curve frankly. Working in Cybersecurity it pisses me off when anything enforces the special character requirement. It adds no security but plenty of inconvenience.
Well, sure, but I was under the impression that pass phrases that were dozens of characters long were better than passwords. That being said, I've seen almost no institution using anything but your generic 8-16 character, 1 number, 1 capital, 1 special character, none of the past 4 passwords, password template.
I think there's issues with some of the older legacy Windows systems that will straight up truncate anything past 16 characters, so that could be contributing to the issue.
Getting people to move away from old habits is a long and painful process in IT, particularly if the IT folks aren't the ones with decision making authority.
YOU DIDN'T EVEN INCLUDE A SPECIAL CHARACTER
Anyone still including special characters is behind the curve frankly. Working in Cybersecurity it pisses me off when anything enforces the special character requirement. It adds no security but plenty of inconvenience.
Well, sure, but I was under the impression that pass phrases that were dozens of characters long were better than passwords. That being said, I've seen almost no institution using anything but your generic 8-16 character, 1 number, 1 capital, 1 special character, none of the past 4 passwords, password template.
I think there's issues with some of the older legacy Windows systems that will straight up truncate anything past 16 characters, so that could be contributing to the issue.
Getting people to move away from old habits is a long and painful process in IT, particularly if the IT folks aren't the ones with decision making authority.
I wonder what the limit is in active directory