Hacker News

I find that some of these limitations put me in a worse position than if I were to have full control, e.g. you MUST use a symbol, or use both lower AND upper case characters.

This is a joke! We're in the 21st century, people should be able to have their own set of password standards. I know we, as programmers, are always looking out for the most noobish of the end-users. But is it really necessary to go as far as to FORCE EVERYONE into picking a blatantly obviously brute-force-safe password?

In the end, the bulk of these users are just going to forget their password, add it to their password manager, and become frustrated with this chosen system. This in turn is insecure for its own reasons. I think what we need is to remove these silly limitations altogether (although a set standard minimum/maximum character limit is completely understandable imo), and allow people to pick their own standards. The newbies out there will eventually get their accounts hacked, it's inevitable imo. And when that happens they will learn to set better passwords.


