But you forgot the rule where it couldn’t be more than 12 characters long, so you didn’t try the correct variation until the validation error for the password reset told you what the rules are.
I’m happy to comply with your complexity requirements, but don’t tell me about each one only when I’ve failed to meet it. That’s really past the bar of shitty design into the realm of asshole design.
I’m not a security expert, so I’m sure someone can correct me, but it is my understanding that all the nonsense of adding numbers and special characters does nothing to increase security. Longer passwords increase security, even if they are all lowercase letters.
So, “PaS$w3rD@” is a much less secure password than “sallyandbillywenttothestoreforsoda”
It’s not that it does NOTHING to improve security… An 8-character password with more options per character IS more complex (and in that sense, secure) than one with fewer.
It’s just that adding more characters (e.g. in a passphrase, as per your example) also increases complexity, and is more usable.
But you forgot the rule where it couldn’t be more than 12 characters long, so you didn’t try the correct variation until the validation error for the password reset told you what the rules are.
THIS is the one that makes me the angriest.
I’m happy to comply with your complexity requirements, but don’t tell me about each one only when I’ve failed to meet it. That’s really past the bar of shitty design into the realm of asshole design.
I’m not a security expert, so I’m sure someone can correct me, but it is my understanding that all the nonsense of adding numbers and special characters does nothing to increase security. Longer passwords increase security, even if they are all lowercase letters.
So, “PaS$w3rD@” is a much less secure password than “sallyandbillywenttothestoreforsoda”
You are exactly right and here is a comic that explains it. But nearly 0 websites have caught on to this.
https://xkcd.com/936/?correct=horse&battery=staple
That’s 59 and 159 bits of entropy, respectively according to some random online password entropy calculator I found.
Even better, just type out the whole sentence fully. Why disallow spaces?
“Sally and Billy went to the store for soda”. 274 bits.
It’s not that it does NOTHING to improve security… An 8-character password with more options per character IS more complex (and in that sense, secure) than one with fewer.
It’s just that adding more characters (e.g. in a passphrase, as per your example) also increases complexity, and is more usable.
And it’s so weird that almost everyone seems to do it that way. I can’t think of a reason other than complacency of a non-golden path interaction.