Password length requirement


#1

When signing up, I was asked for a 10+ character password. If possible, perhaps the length requirement could be reduced to ~7?

This might not be a good idea from a security point of view, but it’s not a terribly data-sensitive website so IMO it’s ok :slight_smile:


#2

Agreed completely. Seven would work for me. Ten had me scratching my head! :face_with_raised_eyebrow:


#3

Passwords don’t require numbers, symbols, or capital letters, and they allow spaces. This allows the recent advice of using weird phrases instead of things resembling md5 hashes.

It’s hard to remember "f5C3Ebd0cB" (10 characters) but pretty easy to remember "he sat atop London Bridge" (25 characters). The latter is also very hard for computers to guess.


#4

Yes, that is generally good advice for strong passwords. Especially important for databases or any accounts that have important/sensitive/personal information. For a discussion site I don’t think it’s so essential to have a super secure password; I find it a bit overkill to require such a long password. Convenience and security are both important; in this case I’d rank security of my pw lower than almost any of my other passwords :slight_smile:


#5

Agree, 10 is a bit too many


#6

Because I fell down the rabbit hole of reading blog post after blog post this afternoon, I came across one of my favorite blog posts from Jeff Atwood, the creator of Discourse (the platform this community uses), which should provide some context as to this site’s password requirements:

https://blog.codinghorror.com/your-password-is-too-damn-short/


#7

For a chuckle, y’all should read Randall Munroe’s take on this matter.


#8

He ran a survey at one point and asked people about common passwords. I was hoping that many would enter “CorrectHorseBatteryStaple”, but never saw the data.