Inappropriate password rules
Hi,
Your password rules are enforcing the use of a mixture of uppercase, lowercase, numeric and symbols as well as a minimum length. This is now considered poor practice and in fact does NOT result in better/stronger passwords. I wonder if you have read the NIST guidelines?
https://pages.nist.gov/800-63-3/sp800-63-3.html
There is also a great cartoon that sums it up: https://xkcd.com/936/
In a nutshell, forcing users to use all those different types of characters is a bad idea. It’s length that counts. Please could you reconsider your current password enforcement policy as it spoils what is otherwise a great WP plugin.
Or at the very least, add an option that turns off the “extra” symbols and just enforces a length of at least 12 characters?
Thank you