Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • xthexder
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 months ago

    Storing credit card data has its own set of strict security rules that need to be followed. It’s also the credit card company’s problem, not yours, as long as you dispute any fraudulent charges early enough.

    I’m coming at this from the perspective of a developer. A user can always use a longer password (and you should), but it’s technically possible to make an 8 character password secure, thus the NIST recommend minimum.