Does anyone know of any studies that weigh various password strength requirements (e.g. minimum 8 characters, one capital letter, one number of symbol) with users' ability to remember the passwords?
Or, on a more practical level, reports that track password strength requirements vs. increased calls to support / password reset requests? My client wants increased security, but I don't want the users to go nuts. Trying to find a happy medium. Also, have you ever had a website ask you to change your password (long after you originally registered)? Did it hugely annoy you or were you pleased that they were tightening up? Meredith - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Meredith Noble Information Architect, Usability Matters Inc. 416.598.7770 x16 [EMAIL PROTECTED] http://www.usabilitymatters.com <http://www.usabilitymatters.com> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
