Just some anectodal stuff from me: You could mean Credit Card Companies would encourage strong passwords, but I have encountered cases, where I couldn't enter my randomly generated password, which was 20-32 characters long, as the maximum length was 16 :-)
I think a lot of password strength meters are flawed, as they might rate * PASSword_1234* better than something like *if1vev7ryuc4mat7i8ov4cha5hia5hodd *, just because mine wouldn't use a special character and uppercase letters, so enforcing strict rules like what you stated doesn't necessarily ensure strong passwords. Have a good weekend! -- avertas gmbh - user experience consultant Ich helfe Ihnen Ihnen: - Ihre Software/Website benutzerfreundlich zu gestalten - Ihren Kunden ein "Wow" zu entlocken mobile +41 79 746 48 59 On Wed, Apr 15, 2009 at 1:22 PM, Alan Cox <[email protected]> wrote: > Does anyone have any evidence, anecdotal or formal, about how > different password strength requirements impact the usability of a > web-based application? > > There's a spectrum of different strength requirements. I've seen > sites that don't have any requirements, other than the password > exists. I've seen others that require the password to be at least > 10 characters, with at least 1 lower case, 1 upper case, 1 digit, 1 > "special" character (like #...@!), and then require the password to > be updated regularly while preventing reuse of old passwords. > > Our security purists here want "really strong" passwords, though > not as strong as my second example above. I'm looking to see if > there's any knowledge out there about how different points on the > strength-spectrum impact usability. Is there a watershed spot where > if we make it more complicated than X, usability really suffers, but > all points less complicated than X are equally easy? > > Thanks > Alan > ________________________________________________________________ > Welcome to the Interaction Design Association (IxDA)! > To post to this list ....... [email protected] > Unsubscribe ................ http://www.ixda.org/unsubscribe > List Guidelines ............ http://www.ixda.org/guidelines > List Help .................. http://www.ixda.org/help > ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [email protected] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
