Unfortunately, it’s rare that we can control what hashing algorithm is being used to secure the passwords we enter. I merely pray that any account that also holds my credit card data or other important information isn’t using MD5. Some companies still don’t take cybersecurity seriously.
Storing credit card data has its own set of strict security rules that need to be followed. It’s also the credit card company’s problem, not yours, as long as you dispute any fraudulent charges early enough.
I’m coming at this from the perspective of a developer. A user can always use a longer password (and you should), but it’s technically possible to make an 8 character password secure, thus the NIST recommend minimum.
Unfortunately, it’s rare that we can control what hashing algorithm is being used to secure the passwords we enter. I merely pray that any account that also holds my credit card data or other important information isn’t using MD5. Some companies still don’t take cybersecurity seriously.
Storing credit card data has its own set of strict security rules that need to be followed. It’s also the credit card company’s problem, not yours, as long as you dispute any fraudulent charges early enough.
I’m coming at this from the perspective of a developer. A user can always use a longer password (and you should), but it’s technically possible to make an 8 character password secure, thus the NIST recommend minimum.