Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The only standard we should set is a minimum length that is not too short. Something like 8 characters minimum. I don't care if you use only number or only letter, use whatever you want, it's YOUR security after all! The longer the password, the more likely it is to be unique!

My password has been letters + numbers at the end for a long time and I know it's secure because it's not a common word or numbers that have to do with me. No capitals, no punctuations, only lowercase letters and numbers. When a website forces me to use other letters in my password, I keep forgetting it and I am forced to use "Lost my password" all the time, which makes me want to use that service less and less.

Were you inspired to post this by today's XKCD comic? Link : http://xkcd.com/936/



I do not mean to single you out but this is a viewpoint that I have never really unsderstood. If you do not care about "my security" then why have a length requirement?


You don't want your product to be the one with hundreds of people having their accounts compromised. This warrants a bare minimum of password requirements.


Exactly. So you do care about the security of the users.


No, he cares about the reputation of his product being spoiled by the intellectually challenged.


that and because I needed to login into verizon today, and was reminded with error messages that they don't allow any special characters in their passwords




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: