I never understand why people restric password length. Why not 12-char alphanumeric? Or 32-char alphanumeric? Most people will use 10-char passwords (or shorter), but those concerned with security could use better.
BTW - I'v got idea how to ensure people will use unique secure passwords on your site. It's a little harsh, but still.
For each new user in registration form calculate 4-letters hash (from user number, timestamp, whatever), and require user to include this hash in his password (and that the password is at least X characters long). User that has favorite password "swordfish" will just use "swordfishX13h" probably, but it's still better than "swordfish".
8 comments
[ 136 ms ] story [ 1590 ms ] threadAlso if an alphanumeric string should be entered / remembered by humans make sure to strip I, l, etc.
Which is still far lower than 12 digits.
I never understand why people restric password length. Why not 12-char alphanumeric? Or 32-char alphanumeric? Most people will use 10-char passwords (or shorter), but those concerned with security could use better.
BTW - I'v got idea how to ensure people will use unique secure passwords on your site. It's a little harsh, but still.
For each new user in registration form calculate 4-letters hash (from user number, timestamp, whatever), and require user to include this hash in his password (and that the password is at least X characters long). User that has favorite password "swordfish" will just use "swordfishX13h" probably, but it's still better than "swordfish".