Regarding the point "Enforce creation of strong passwords"...
I assume you are referring to user passwords, so then I ask why?
If a user deems that my site is unimportant then why can't they use their 'throw-away' password, or the password that their pw generator gave them (which doesn't happen to fulfill my rules)?
I think it is important to teach users to distinguish between their important sites, which deserve strong unique passwords, and the vast majority of sites which are much less important. If we expect them to think up unique, strong passwords for every site, they will just give up and go back to bad practices.
+1, Tom.
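The first comment's complaint is that composition rules ("must contain upper, lower, digit, symbol") reject perfectly good generator output such as a lower-case passphrase or a hex string, while accepting predictable strings that merely tick every box. The following is an added example, not code from the blog or from either commenter: it puts a composition policy beside a length-based policy that only rejects short passwords and entries on a tiny constructed breach list (`COMMON_PASSWORDS`, `SAMPLES` and both function names are assumptions made for this illustration), so the two policies' verdicts on the same inputs can be compared directly.

```python
"""Two password-acceptance policies side by side (constructed example).

composition_policy(): classic character-class rules plus a minimum length.
length_policy():      minimum length only, plus a small deny list.
"""
import string

# Constructed stand-in for a breached/common-password list (real deployments
# would use a far larger list, e.g. a k-anonymity lookup against a breach corpus).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def composition_policy(pw: str) -> bool:
    """Accept only if length >= 8 and every character class is present."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return len(pw) >= 8 and all(classes)


def length_policy(pw: str, min_len: int = 12) -> bool:
    """Accept any password of sufficient length that is not on the deny list."""
    return len(pw) >= min_len and pw.lower() not in COMMON_PASSWORDS


# Constructed sample inputs: what a generator or a user might actually submit.
SAMPLES = {
    "generator_passphrase": "correct horse battery staple",  # lower-case only
    "generator_hex": "4f9d2c7e1b3a8d60",                     # no upper, no symbol
    "gamed": "Passw0rd!",                                    # ticks every box, predictable
    "common": "Welcome1",                                    # on the deny list
}


def evaluate(policy, samples=SAMPLES):
    """Run one policy over every sample; returns {name: accepted}."""
    return {name: policy(pw) for name, pw in samples.items()}


if __name__ == "__main__":
    for name, policy in (("composition", composition_policy), ("length", length_policy)):
        print(name, evaluate(policy))
```

Running it shows the mismatch the comment describes: the composition policy rejects both generator outputs and accepts `Passw0rd!`, whereas the length policy accepts the generator outputs and rejects the gamed and common strings.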