0
Dishevel, on 11 March 2013 - 07:15 AM, said:
If you want good then you have to depend on the people.
All sites should allow (Not Require) Lower Case, Upper Case, Numbers and Special Characters. No minimum length and set the Max to 255.
This will allow those who want it difficult to crack and easy to remember passwords. Those who do not care about their security do not get it. Simple.
All sites should allow (Not Require) Lower Case, Upper Case, Numbers and Special Characters. No minimum length and set the Max to 255.
This will allow those who want it difficult to crack and easy to remember passwords. Those who do not care about their security do not get it. Simple.
Maximum length requirements are useless since the password should be encrypted before any interaction server-side. Input length has no effect.
A coworker in my previous workplace had an interesting way to ensure password security on his own site (a very popular gaming-related site): He had his own password-cr acker (nice cencorship
) bots running brute-force and dictionary hacks on his own users. If a password was cracked, it sent an email to the user telling him to switch to a stronger password.
Edited by T2k5, 11 March 2013 - 07:20 AM.
