It’s infuriating to create a “strong password” with letters, numbers, upper and lowercase, symbols, and non-repeating text… but it has to be only 8 to 16 characters long.
That’s not a “strong” password, random characters or not.
Is there a limitation that somehow prevents these sites from allowing more than 16 characters?
I’m talking government websites, not just forums. It seems crazy to me.
NIST recommended to never have passwords expire since like 3 decades. You gotta get rid of that. It makes your org less secure.
Probably best to just fire whoever set that up. They’re clueless
These policies typically come from top management. They’d have to fire themselves.