Agree totally. I’ll try to word smith that down.
Michael O'Brien

Agreed… almost worse than requiring certain characters is when they aren’t allowed… my typical passwords lately are short sentences like, “The passphrase is strong with this one.” where the first word is cap, the rest proper cased and punctuation (period or space)… if my password manager is available, I’ll lean on that, but it’s irritating when you aren’t allowed to enter spaces, or periods, or you get “you must have a number”

For the most part, I’d say defer to one of the last pass ports, display appropriate warnings for less than a score of 3, yellow for 3, and green for 4. It’s mostly a solved problem… but people make it harder on themselves.

That doesn’t even get into unicode normalization, utf8 encoding, salting and hashing, which a lot of devs also get very wrong.

Like what you read? Give Michael J. Ryan a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.