
password rule for a casual website

I am considering using the following rules for a casual website.

  • 8-20 chars long
  • valid chars include letters, digits, and symbols
  • case sensitive

That's all. My question is, besides white space, are there other symbols that I should consider "illegal"? Please keep in mind that it is a casual website, so I don't need any password policy that is very restrictive.

Thanks,

sean717 asked Jan 19 '10 00:01



2 Answers

Hopefully you are not storing passwords in your database. You should be storing the hash of the password only.

So, if you are creating a hash out of the password, why have any illegal characters?

You may want to enforce a minimum password length, just for their own protection.

Even if you do restrict characters, why would you consider white space an illegal character? Many users create "pass phrases" to secure their passwords.

Robert Cartaino answered Sep 22 '22 01:09


You should let your users have whatever password they like. Maybe enforce a minimum length, but nothing else. You're sanitizing this before it hits your database anyway, right?

Anon. answered Sep 24 '22 01:09
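The approach both answers describe (a minimum length, no banned characters, only a hash stored) could look like the sketch below. It is an added example, not code from either answer; the function names, the `MAX_BYTES` cap, the NFKC normalisation step and the scrypt cost parameters are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 8      # the only content rule: a minimum length
MAX_BYTES = 1024    # assumed cap, only to bound hashing cost per request
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters


def _encode(password: str) -> bytes:
    # Normalise so the same phrase typed on different systems yields the same bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def check_policy(password: str) -> list:
    """Return a list of problems; empty means accepted. No character is illegal."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"must be at least {MIN_LENGTH} characters")
    if len(_encode(password)) > MAX_BYTES:
        problems.append("too long")
    return problems


def hash_password(password: str) -> str:
    # A fresh random salt per password; only salt and digest are stored, as hex.
    salt = os.urandom(16)
    digest = hashlib.scrypt(_encode(password), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False
    candidate = hashlib.scrypt(_encode(password), salt=bytes.fromhex(parts[1]), **SCRYPT)
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(parts[2]))


if __name__ == "__main__":
    # Constructed sample inputs: a pass phrase with spaces, quote characters, a short one.
    for pw in ("correct horse battery staple", "o'Brien\"; -- ", "a b"):
        print(repr(pw), check_policy(pw) or hash_password(pw))
```

Because the stored record is only hex-encoded salt and digest, spaces, quotes and other symbols in the password never reach the database in their original form.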