About the HashiCorp Cloud Platform (HCP) category

Information on HashiCorp Cloud Platform (HCP) use cases, Q&A, and best practices discussions. Please note that offerings may be in various release lifecycles. Categorize your question or comment under HCP Consul or HCP Vault subcategories. If your question or comment relates to networking, access control, or billing, post in this category. For support requests, please open a ticket.

2 Likes

HCP login requires numbers and special characters. This contravenes NIST’s Digital Identity Guidelines (800-63B) which in section 5.1.1.2 “Memorized Secret Verifiers” discusses the norms on password requirements:

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets.

I’m not sure if there’s a better place to submit this issue.