Password requirements torture

It’s bad enough the criteria for a password are kept secret, only shown after I’ve tried to enter something.

But it’s worse when the criteria are so complex for no good reason.

This site asks for:

  • 7 characters
  • And 3 of the following:
    • Uppercase
    • lowercase
    • number
    • and special character

If only 3 are needed, they should drop one requirement, eliminating a choice the user has to make.

At minimum, the UI should offer me a unique autogenerated password that meets the criteria that I can use if I wish.

There is consistent advice about how secure passwords need to be. Yet it’s fascinating how some sites define their own similiar but different criteria. Also see: OnePassword.

3 thoughts on “Password requirements torture

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s