Password requirements torture

It’s bad enough the criteria for a password are kept secret, only shown after I’ve tried to enter something.

But it’s worse when the criteria are so complex for no good reason.

This site asks for:

  • 7 characters
  • And 3 of the following:
    • Uppercase
    • lowercase
    • number
    • and special character

If only 3 are needed, they should drop one requirement, eliminating a choice the user has to make.

At minimum, the UI should offer me a unique autogenerated password that meets the criteria that I can use if I wish.

There is consistent advice about how secure passwords need to be. Yet it’s fascinating how some sites define their own similiar but different criteria. Also see: OnePassword.

About these ads

3 thoughts on “Password requirements torture

  1. Pingback: Password requirement torture UI #ui #ux #usability #security (via |

  2. Pingback: Five Blogs – 16 April 2012 « 5blogs

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s