The Bitsight password policy complies with the United States National Institute of Standards and Technology (NIST) guidelines. For your convenience and improved security, we follow these guidelines:
- Passwords must be a minimum of 8 characters.
- Printable ASCII characters (including uppercase letters), spaces, all Unicode characters, and emojis are all allowed, but no specific type or mix of characters is required.
- New passwords are checked against a dictionary of known-bad choices that have been publicly exposed as a result of a data breach. The use of a known-bad password will prompt you to try a different password, with a “The new password is not allowed because it appeared on a publicly disclosed list of passwords” error message.
- Longer phrases are encouraged, rather than hard-to-remember or deceptively complex passwords.
  Example of a deceptively complex password: p@s$w0rd
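
The rules above can be expressed as a short validator. This is an added example, not Bitsight's code: the function names, the NFKC normalization step, the SHA-1 lookup set, and the four-entry sample list are assumptions made for illustration.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # minimum stated in the policy above
BREACH_ERROR = ("The new password is not allowed because it appeared "
                "on a publicly disclosed list of passwords")


def _normalise(password: str) -> str:
    # Assumption: NFKC folds compatibility forms (e.g. full-width letters)
    # so that look-alike Unicode input is compared as the same password.
    return unicodedata.normalize("NFKC", password)


def _digest(password: str) -> str:
    # SHA-1 is used here only as a lookup key into the exposed-password set,
    # not as a way to store user passwords.
    return hashlib.sha1(_normalise(password).encode("utf-8")).hexdigest()


# Constructed sample standing in for a real corpus with millions of entries.
SAMPLE_BREACHED = {_digest(p) for p in
                   ("p@s$w0rd", "password", "12345678", "qwertyuiop")}


def check_password(password: str, breached=SAMPLE_BREACHED) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    errors = []
    # Length is counted in Unicode code points, so spaces, accented
    # letters and single-code-point emojis each count as one character.
    if len(_normalise(password)) < MIN_LENGTH:
        errors.append(f"Passwords must be a minimum of {MIN_LENGTH} characters.")
    # Deliberately no composition rule: no character class is required.
    if _digest(password) in breached:
        errors.append(BREACH_ERROR)
    return errors


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "p@s$w0rd", "short"):
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

The symbol substitutions in `p@s$w0rd` satisfy a traditional complexity rule yet are rejected by the exposed-password lookup, while a long all-lowercase phrase passes.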
- November 30, 2021: Reviewed.
- June 25, 2019: Published.
Feedback
2 comments
Please provide the list of "publicly exposed passwords" which you are going to be checking against, so we know what is and is not acceptable instead of having to guess at that criterion's requirements while making a new password.
Hi Ben, We use a list that is too large for us to make available in a practical fashion (millions of entries), but to get an idea, it is similar to the one at https://haveibeenpwned.com/