Password requirements torture

It’s bad enough the criteria for a password are kept secret, only shown after I’ve tried to enter something.

But it’s worse when the criteria are so complex for no good reason.

This site asks for:

7 characters
And 3 of the following:
- Uppercase
- lowercase
- number
- and special character

If only 3 are needed, they should drop one requirement, eliminating a choice the user has to make.

At minimum, the UI should offer me a unique autogenerated password that meets the criteria that I can use if I wish.

There is consistent advice about how secure passwords need to be. Yet it’s fascinating how some sites define their own similiar but different criteria. Also see: OnePassword.

3 thoughts on “Password requirements torture”

Pingback: Password requirement torture UI #ui #ux #usability #security (via | UXWeb.info
Alan on April 15, 2012 at 12:03 pm said:

The easiest way for developers to provide “a unique autogenerated password that meets the criteria” is to link to a tool such as http://strongpasswordgenerator.com .
(Full disclosure: I’m involved with that website.)

Reply ↓
Pingback: Five Blogs – 16 April 2012 « 5blogs

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )