New posts in Password Policy

IT will only give password over phone - but is that really more secure than email?

Why use one-time codes for two-factor authentication backups?

What is the real danger of not putting a login password in Windows in a small company except that of allowing anyone to go physicaly on your computer?

What are the security risks of logging the hash of rejected passwords?

How to strike a balance between security policies and practical implementation challenges?

Is there value in changing your password after failed (malicious) login attempts?

How Often Should I Change my Passwords

Confused about using a password that "would take centuries to break"

Why do salts for hashing passwords need to be globally unique, not just system/site-unique?

why don't all sites generate passwords for users?