Password Hint

Overview

Password Hints are values, typically used for Password Recovery, that provide some "hint" about the value of the password.

A Password Hint would be set at Credential Enrollment and perhaps at Password Changes.

Adobe stored Password Hints in their database, as was disclosed back in 2013. To illustrate how terrible these hints were, here are a few of them:

  • my name
  • adobe
  • usual
  • password
  • email

Password Hint is now considered a Password Anti-Pattern.

The National Institute of Standards and Technology (NIST) thinks Password Hints are a bad idea:
Verifiers SHALL NOT permit the subscriber to store a "hint" that is accessible to an unauthenticated claimant.
