3 comments

[ 4.6 ms ] story [ 16.3 ms ] thread
NIST has a draft recommendation regarding password security in SP 800-63B. This issue discusses amending this to have systems generate a randomized password. This would be preferred rather than users generating their own passwords.

The idea is to fix the problem of password reuse (XKCD 792).

Doesn't that result in them being written down? How do you remember fifty or so randomly generated passwords?
You don't. If you can remember it, it will be guessed by a script.