Technology Radar
Published : Apr 13, 2021
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Apr 2021
Hold
密码策略是当前很多组织会默认启用的标准。然而,我们仍然见到很多组织内部要求密码必须包含符号、数字、大小写字母和特殊字符。诸如这样的要求就是 天真的密码复杂度要求 。这些要求会导致错误的安全意识,因为用户会由于满足这些要求的密码太难以记忆和输入,而选择使用更不安全的密码。正如NIST(美国国家标准技术研究所)推荐所提到的,影响密码强度的主要因素是密码的长度,因此用户应该选择更长的密码,最长为64个字符(包括空格)。这些密码会更安全,并且更易于记忆。
