[Cryptography] Removal of spaces in NIST Draft SP-800-63B
Michael Kjörling
michael at kjorling.se
Mon Apr 3 04:25:51 EDT 2017
On 2 Apr 2017 15:17 -0400, from kevin.w.wall at gmail.com (Kevin W. Wall):
> (And there are ways
> using JavaScript in web forms, to prevent it from being
> pasted in in the password confirmation field.)
Which has/have a tendency to break legitimate workflows, including
non-automated usage of a password manager. I copy and paste usernames
and passwords from my password manager into the web browser all the
time, in part because I don't quite trust automation to always get it
correct. At least if I mess up myself, I know (or am able to figure
out quickly) which two accounts are involved and can go change those
passwords without having to guess too much.
If pasting into password fields is broken, I will have to choose a far
less secure password, because really, there is no way I'm going to
type a 50+ upper/lower/digits/symbols/hieroglyphs password manually
every time. Either that, or I go with a competing service. (Yes, I
_know_ that 50+ is overkill, but I'm already using a password manager,
so why not add a decent safety margin? It's not like it makes it any
harder.)
Please don't ever encourage breaking standard workflows, including
copy and paste.
--
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
More information about the cryptography
mailing list