Thought maybe I could garner some opinions on the usability of
password enforcement techniques.
Recently, I've noticed a trend towards more "secure" passwords for
many things, and that's a good idea. However, I've also noticed that
certain web sites take that to an extreme, disallowing the use of any
password that does not meet their criteria. Often, these criteria are
For example, one web-based product (non-financial) refused to allow
me to enter a password that did not have ALL of:
- at least one capital letter
- at least one numeric
- at least one non-alpha character
- at least 8 characters
Clearly, this would produce a reasonably secure password, but I'd
never remember it!!! I prefer Google's approach, where a graphic
indicator shows me the "strength" of my password, but lets me choose
anything I want.
Would certainly love to hear the group's thoughts on this...
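
The two approaches contrasted in the post, as an added example (not from the post, and not any site's or Google's actual code): the four rules enforced exactly as worded, next to an advisory meter that accepts anything. The entropy estimate, the pool sizes and the weak/fair/strong thresholds are assumptions for illustration; the estimate is a naive brute-force figure that ignores dictionary words.

```python
import math

# The four mandatory rules quoted in the post, implemented as worded.
RULES = {
    "at least one capital letter": lambda p: any(c.isupper() for c in p),
    "at least one numeric": lambda p: any(c.isdigit() for c in p),
    # As worded, a digit is already a "non-alpha character", so any
    # password that passes the numeric rule passes this one too.
    "at least one non-alpha character": lambda p: any(not c.isalpha() for c in p),
    "at least 8 characters": lambda p: len(p) >= 8,
}

def failed_rules(password):
    """Return the names of the rules the password does not meet."""
    return [name for name, check in RULES.items() if not check(password)]

def enforce(password):
    """Hard enforcement: accept only if every rule passes."""
    return not failed_rules(password)

def estimate_bits(password):
    """Naive estimate: length * log2(size of the character pool in use)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # assumed count of printable ASCII symbols incl. space
    return len(password) * math.log2(pool) if pool else 0.0

def meter(password):
    """Advisory meter: always accepts, only reports a label (assumed cut-offs)."""
    bits = estimate_bits(password)
    label = "weak" if bits < 40 else "fair" if bits < 60 else "strong"
    return True, label

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for pw in ["kitten", "Abcdefg1", "correct horse battery staple"]:
        print(f"{pw!r}: enforce={enforce(pw)} failed={failed_rules(pw)} meter={meter(pw)}")
```

On the constructed samples, the enforcing form accepts `Abcdefg1` and rejects the 28-character passphrase for lacking a capital and a digit, while the meter accepts both and rates the passphrase higher.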