Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
This isn't that bad, I've had requirements that had a max length limit of 10 characters.
I don't own an Xbox myself but I think a friend couldn't enter his MS password on there because it was to long. -
The best restriction to have in your password requirements is to have at least one emoji
-
Root826007yLength adds more entropy than anything else.
Basically every other complexity requirement is just stupid. -
3picName7297ymy uni password must NOT be longer than 8 characters ... don't see the reason behind that 😌
-
hawkes15727yWe use this in or project: https://github.com/dropbox/zxcvbn
It uses a minimum entropy ("quality") of the password and checks it against a dictionary of the most common passwords, to prevent your users from using "qwerty".
No "your password needs at least 3 special characters and the last name of a Michelin-awarded chef", but "your password is insecure".
Most importantly, TELL the user if the password he wants to set satisfies your constraints. Nothing is more frustrating than playing the guessing game.
Related Rants
Why would anybody do this?
Especially the last point
aaaaaab is already a lot more secure then 1234 but who cares, right?
undefined
just why
password requirements