
Rainbow tables are essentially instantaneous so one day isn’t enough either. If you care about that kind of scenario I’d say your energy is better spent on just picking a more suitable hash algorithm.


Absolutely. In the real world there's just no case for password expiration any more. Require at least 14 characters. Don't insist on any "complexity" rules, but do check passwords against a list of common/stupid ones and reject them. Use a good hash algo, like bcrypt, scrypt, or Argon2.
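An added example, not part of either comment above: a minimal Python sketch of the policy described in the second comment (14-character minimum, no complexity rules, a denylist check) with scrypt hashing and a random per-password salt, which is what makes precomputed rainbow tables useless. The function names, the tiny denylist and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 14  # minimum length from the comment above

# Constructed sample denylist (assumption); a real deployment would load a
# large list of common or breached passwords instead.
COMMON_PASSWORDS = {
    "passwordpassword",
    "12345678901234",
    "qwertyuiopasdf",
    "letmeinletmein",
}

# Illustrative scrypt cost parameters (assumption); tune for your hardware.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def check_policy(password):
    """Return None if the password is acceptable, else a short reason."""
    if len(password) < MIN_LENGTH:
        return "too short"
    # Case-insensitive match so trivial capitalisation does not bypass the list.
    if password.lower() in COMMON_PASSWORDS:
        return "too common"
    # Deliberately no character-class ("complexity") rules.
    return None


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)
```

Store the salt alongside the digest; because each salt is random, two users with the same password get different digests.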



