- November 30, 2021: Reviewed.
- June 25, 2019: Published.
The Bitsight password policy complies with the United States National Institute for Standards and Technology (NIST) guidelines. For your convenience and improved security, we follow these guidelines:
- Passwords must be a minimum of 8 characters.
- Printable ASCII characters (including capitalized/uppercase), spaces, all Unicode characters, and emojis are all allowed, but no specific type or mix of characters is required.
- New passwords are checked against a dictionary of known-bad choices that have been publicly exposed as a result of a data breach. The use of a known-bad password will prompt you to try a different password, with a “The new password is not allowed because it appeared on a publicly disclosed list of passwords” error message.
- Longer phrases are encouraged, rather than hard-to-remember or deceptively complex passwords.