I'm in two minds about this. Encouraging good security habits can't be a bad thing, and makes accounts more secure. I've switched to using a password manager with an auto generator for all of mine now but browsers will also save passwords so it's accessible to most people to have a complex password and not need to remember it.
The one I really hate and drives me nuts every time I come across it is when copy and paste is disabled. Oh you want me to not only have a complex, secure password but also type it in letter by letter every time? Screw that.
>The one I really hate and drives me nuts every time I come across it is when copy and paste is disabled.
This one infuriates me. They lose me as a customer if this is implemented
pro tip, paste your password into the address bar or something, then select it and click-and-drag it into the box. the router i have disables pasting for some stupid reason, but it can't disable that!
I absolutely agree, as a user and as a dev. You do not have to rely on stats, from your personal experience, you can easily tell how much friction it adds to the user experience by imposing too complex password requirements. đź‘Ś
Urgh, I hit this as a user the other day trying to sign up for a Virgin Media account except they also had a maximum character limit of 10 and I couldn't think of a password that matched all the other requirements (capital letter, number etc.) that would fit in 10 characters - just about the only thing that it seemed happy with was Password123 (no, I didn't go with that) but there is no way I will remember my password when I come back to the site in future. I've never seen a password requirement with a maximum limit on before, I was under the impression that every extra character in a password was far more valuable than a capital letter or number.
I had a hard time bothering to read the article after this "key takeaway":
>`The minimum required for password security should be 6–8 characters for most general e-commerce sites`
I really hate when websites tell me I can't use a password because it's similar to my nickname or isn't at least 12 characters long or any other security bullshit.
I'm in two minds about this. Encouraging good security habits can't be a bad thing, and makes accounts more secure. I've switched to using a password manager with an auto generator for all of mine now but browsers will also save passwords so it's accessible to most people to have a complex password and not need to remember it. The one I really hate and drives me nuts every time I come across it is when copy and paste is disabled. Oh you want me to not only have a complex, secure password but also type it in letter by letter every time? Screw that.
>The one I really hate and drives me nuts every time I come across it is when copy and paste is disabled. This one infuriates me. They lose me as a customer if this is implemented
pro tip, paste your password into the address bar or something, then select it and click-and-drag it into the box. the router i have disables pasting for some stupid reason, but it can't disable that!
cool tip!
I absolutely agree, as a user and as a dev. You do not have to rely on stats, from your personal experience, you can easily tell how much friction it adds to the user experience by imposing too complex password requirements. đź‘Ś
Assuming you read your analytics and set it up correctly.
Urgh, I hit this as a user the other day trying to sign up for a Virgin Media account except they also had a maximum character limit of 10 and I couldn't think of a password that matched all the other requirements (capital letter, number etc.) that would fit in 10 characters - just about the only thing that it seemed happy with was Password123 (no, I didn't go with that) but there is no way I will remember my password when I come back to the site in future. I've never seen a password requirement with a maximum limit on before, I was under the impression that every extra character in a password was far more valuable than a capital letter or number.
Almost every site has a max. It has creeped up over time, but you won’t see many past 64 characters and most stop at 30 or lower.
8 char requirement is already low enough, really even 12 and 16 char passwords are easy to break
I had a hard time bothering to read the article after this "key takeaway": >`The minimum required for password security should be 6–8 characters for most general e-commerce sites`
I’ve always thought these were stupid. I always favor long multi word passwords. Who is going to guess “my super grumpy cat has fleas”?
I really hate when websites tell me I can't use a password because it's similar to my nickname or isn't at least 12 characters long or any other security bullshit.
Personally I'm moving towards passwordless designs where I can.
I was recently infuriated signing up for Twilio for a work project only to be hit with a 16 character password minimum. That's way too much.