Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm glad GDS is working to improve gov.uk sites but some really simple things still seem broken. Example: it'd be great if GDS would stop with the ridiculous forced password recipes across gov.uk sites.

Today I had to try three times to get 1password to satisfy the insane requirements of the site (8-12 alphanumerics, no special characters).



> it'd be great if GDS would stop with the ridiculous forced password recipes across gov.uk sites.

GDS isn't enforcing weird password policies across government.

This is the advice GDS publishes on passwords: https://www.gov.uk/service-manual/user-centred-design/resour...


I'm not surprised really, since the sort of services you can access with a gov.uk account can lead to identify theft or other types of fraud.


So require a long password. Limiting passwords on an important site to 12 characters is madness.


The cited password recipes are not better for security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: