Password complexity constraints, yes or no
I was going through best practice for password constraints. Happened upon nist guidelines where they discourage complexity constraints and instead suggest depending on length (minimum of 8) and blocklist , password generators etc.
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
Is it better to not enforce any "must contain special character" constraints then?
Also should you trim spaces at the end and start of password before hashing? For username i tend to do it but I'm not sure.
Or do I just set validation that informs the user that spaces at the end or start of password are not allowed.
Or just let the user enter it like that
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
Is it better to not enforce any "must contain special character" constraints then?
Also should you trim spaces at the end and start of password before hashing? For username i tend to do it but I'm not sure.
Or do I just set validation that informs the user that spaces at the end or start of password are not allowed.
Or just let the user enter it like that
A friendly place for developers to meet other devs, ask questions, get help, and just have a good time 🙂.
36,263Members
Resources
Recent Announcements
Similar Threads
Was this page helpful?
