I'm noticing more and more on websites occasions where I'm asked to create a password, and there is no second field asking to repeat the password so I can confirm I typed it correctly, and there is also no way to show the password (it's just dots).
This just happened again with pledgemanager.com and confirming payment for Cory Doctorow's new book. Am I right in feeling this is not great site design?
Follow
@hollie Yes and here's NIST backing you up: https://www.netsec.news/summary-of-the-nist-password-recommendations-for-2021/
@madewokherd I didn't know "Do not enforce regular password resets" would be on that list, but I was so glad to see it, for all the reasons it mentioned. The University of Oregon and Oregon State University both make you reset your password regularly and it's incredibly annoying and practically begs one to just use the most memorable, least secure password you can think of.