Author

Topic: Is it safer to enforce strong password policies or just strongly suggest them? (Read 718 times)

full member
Activity: 168
Merit: 100
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
I would think strongly suggesting people to follow strong password policies without hardcoding the policy and letting people use any password they want would be more secure, since if you enforce the policy you tell potential attackers they can skip thousands of combos (say, if you don't allow less than 20 chars, the attacker won't need to try any of the thousand passwords with less than 20 chars; if you demand there always must be at least one low case, one high case, one digit and one symbol, the attacker won't have to try any of the thousands of passwords that don't got at least one of each and so on)


What do you think?
Jump to: