Why do password strength requirements exist? [migrated]

Posted by Bozho on Programmers See other posts from Programmers or by Bozho
Published on 2012-06-25T10:54:17Z Indexed on 2012/06/25 15:22 UTC
Read the original article Hit count: 206

Filed under:
|

Password strength is now everything, and they force you to come up with passwords with digits, special characters, upper-case letters and whatnot. Apart from being a usability nightmare (even I as a developer hate it when a website requires a complex password), what are the actual benefits of having strong passwords (for website authentication)? Here are the prerequisites of a system that handles authentication properly:

  • store passwords using bcrypt (or at least use salt+hash) - hard-to-impossible to find the original password when an attacker gets the database
  • lock subsequent password attempts with a growing cooldown - no brute-force via the site

© Programmers or respective owner

Related posts about security

Related posts about passwords