Why do password strength requirements exist? [migrated]
Posted by Bozho on Programmers
Published on 2012-06-25T10:54:17Z
Password strength is now everything, and they force you to come up with passwords with digits, special characters, upper-case letters and whatnot. Apart from being a usability nightmare (even I as a developer hate it when a website requires a complex password), what are the actual benefits of having strong passwords (for website authentication)?

Here are the prerequisites of a system that handles authentication properly:
- store passwords using bcrypt (or at least use salt+hash) - hard-to-impossible to find the original password when an attacker gets the database
- lock subsequent password attempts with a growing cooldown - no brute-force via the site
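The two prerequisites listed in the question, as an added example that is not part of the original post: a salted slow hash (PBKDF2 from the Python standard library standing in for bcrypt) and a per-account cooldown that doubles after each failed attempt. The class and function names, the 1-second base and the 1-hour cap are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password, salt=None):
    # Salted, deliberately slow hash. PBKDF2 stands in for bcrypt here
    # (assumption: bcrypt itself would need a third-party package).
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed digest.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class LoginThrottle:
    """Per-account cooldown that doubles after every failed attempt."""

    def __init__(self, base=1.0, cap=3600.0):
        self.base, self.cap = base, cap   # seconds; constructed values
        self.state = {}                   # user -> (failures, locked_until)

    def cooldown(self, failures):
        return min(self.base * 2 ** (failures - 1), self.cap)

    def attempt(self, user, password, record, now):
        failures, locked_until = self.state.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"               # rejected without checking the password
        if verify_password(password, *record):
            self.state.pop(user, None)    # success resets the counter
            return "ok"
        failures += 1
        self.state[user] = (failures, now + self.cooldown(failures))
        return "failed"

def max_online_guesses(window, base=1.0, cap=3600.0):
    """Guesses that can reach the password check for one account in `window` seconds."""
    throttle, t, guesses = LoginThrottle(base, cap), 0.0, 0
    while t <= window:
        guesses += 1
        t += throttle.cooldown(guesses)   # wait out the cooldown, then guess again
    return guesses
```

With these parameters, `max_online_guesses(86400)` returns 35: that is how many guesses per day reach the password check for a single account through the login form.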