I would love to see an explicit recommendation of "no disabling paste" in the NI... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ipsin on Nov 23, 2016 | parent | context | favorite | on: NIST’s new password rules – what you need to know

I would love to see an explicit recommendation of "no disabling paste" in the NIST standard... so that I can contact companies that do so and drive me nuts. The article implies that disabling paste would run afoul of the NIST standards, but is there actual language I could point to?

pluma on Nov 23, 2016 [–]

I would sure hope so. I managed to convince a company to allow paste in their login form by tweeting them this article: https://www.troyhunt.com/the-cobra-effect-that-is-disabling/

But I doubt most companies would be this reasonable if they have this level of stupid in their password handling.

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact