We discussed this very issue in my department recently. We decided that it's a balance between security and usability. What typical user wants to have a password 10 chars long with a capital and a special character? A short list:
1. Someone going to their banking site
2. Someone accessing tax and other sensitive, identity-theft-prone info
3. Someone checking their credit card balance

Etc.

Cases where password strength is less important:

1. Forums
2. Blogs
3. Non-sensitive, non-personal information sites/areas

So you just have to weigh the situation objectively; how sensitive is the information vs. how many times do you want users requesting their forgotten password? :)

I agree that visual feedback for the password as it's entered is a fantastic way to ease a user's frustration: http://ui-patterns.com/pattern/PasswordStrengthMeter

P.S. Your Dev team should worry more about SQL injection attacks and denial of service rather than having super-secure passwords.

Posted from the new ixda.org
http://www.ixda.org/discuss?post=41287