It might be worth mentioning that most password strength libraries tend to follow the same rules that actually produce less secure passwords because of human nature. Typically these libraries request a mix of mixed case letters, some numbers, and the "special characters" (which is a misnomer, as often it's limited to basic punctuation). With these kinds of limits, we're enforcing situations where a user actually has more difficulty creating a memorable password, and then needs to rely on other systems to help. At best this would be a password manager, but at worst this is a passwords.txt file on the desktop.
Randall Munroe (NASA scientist, mathematician, artist) has a great comic to help users select good passwords, as he recognises the problem with current password strength algorithms, and what they're effectively training users to do.
People are great at remembering things that evoke an image or emotion in their mind, but terrible at a string of nonsensical characters. So if forced by poor rules, they choose passwords that fit the rule, but create poor passwords, like "Password123!" (I'd bet money on this being somewhere in a leaked password list online).
Agree, how to create a memorable password is up to your imagination, like the first letter of every word of a song or a sentence, for example. It is also important to use an API like I mentioned above to check if the password the user created is in the list of breached data or a commonly used one.
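The two checks discussed in the comments above, a composition rule and a breached-password lookup, side by side. This is an added example, not code from any commenter or from a particular strength library; the leaked-password list is a handful of constructed entries standing in for a real dataset, and the range-query function imitates the hash-prefix lookup pattern that breach-check services commonly offer, answered here from the local table rather than over the network.

```python
import hashlib
import string

# Constructed stand-in for a breached/common-password dataset. Real lists hold
# hundreds of millions of entries and are usually distributed as hashes; these
# few plaintexts exist only so the example runs offline.
_CONSTRUCTED_LEAKED = [
    "password", "123456", "qwerty", "letmein",
    "Password123!", "Pa$$w0rd", "P@ssw0rd", "Welcome1!",
]


def sha1_hex(pw: str) -> str:
    """Uppercase hex SHA-1, the form breached-password lists are commonly published in."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


# Hash the constructed list at import time so no digests need to be hand-typed.
LEAKED_HASHES = {sha1_hex(p) for p in _CONSTRUCTED_LEAKED}


def passes_composition_policy(pw: str, min_len: int = 8) -> bool:
    """The classic rule: minimum length plus upper, lower, digit and punctuation."""
    return (
        len(pw) >= min_len
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def range_lookup(prefix: str) -> set:
    """Server side of a hash-prefix range query: return every stored hash
    suffix whose first 5 hex chars match the prefix. Here it reads the local
    table; a real service answers the same question over HTTPS."""
    return {h[5:] for h in LEAKED_HASHES if h.startswith(prefix)}


def is_breached(pw: str) -> bool:
    """Client side: send only the 5-char prefix, then match the remaining
    35 chars locally, so neither the password nor its full hash leaves the
    client."""
    digest = sha1_hex(pw)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def evaluate(pw: str) -> dict:
    """A candidate is accepted only if it passes the policy AND is absent from the list."""
    policy_ok = passes_composition_policy(pw)
    leaked = is_breached(pw)
    return {"policy": policy_ok, "breached": leaked, "accepted": policy_ok and not leaked}


if __name__ == "__main__":
    for candidate in ["Password123!", "Pa$$w0rd", "correct horse battery staple"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```

Running it shows the point made in the thread: "Password123!" and "Pa$$w0rd" satisfy the composition rule and are caught only by the breach lookup, while the long passphrase fails the composition rule despite being the harder password to guess.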
Yeah, I use the old horse-battery-staple technique for my passwords. It does mean they're very long, but much harder to crack than a "Pa$$w0rd", which is what a lot of APIs determine is a "strong" password.
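The horse-battery-staple technique from the comment above, as an added example rather than any commenter's code: a passphrase generator that draws words uniformly with a cryptographic RNG, plus the entropy arithmetic that shows why a few random words outperform an 8-character "complex" password. The wordlist is a short constructed one; the entropy functions take the list size as a parameter so the figure for a real 7776-word diceware list can be used.

```python
import math
import secrets

# Constructed wordlist. A real diceware-style list has 7776 words; this short
# one exists only so the example runs offline.
CONSTRUCTED_WORDLIST = [
    "correct", "horse", "battery", "staple", "lantern", "meadow", "copper",
    "violin", "harbor", "pencil", "glacier", "saddle", "orbit", "walnut",
    "thunder", "marble", "cactus", "ribbon", "falcon", "quartz",
]


def generate_passphrase(wordlist, n_words=4, separator="-", rng=None):
    """Pick n_words uniformly at random, with replacement, using an OS-backed
    CSPRNG by default (rng is injectable only for reproducible tests)."""
    rng = rng or secrets.SystemRandom()
    return separator.join(rng.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size):
    """Each word is one uniform choice from list_size options."""
    return n_words * math.log2(list_size)


def charset_entropy_bits(length, charset_size):
    """Upper bound for a character password, valid only if every character is
    chosen uniformly; a patterned password like 'Pa$$w0rd' has far less."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time for an attacker to try the whole space at the given rate."""
    return 2 ** bits / guesses_per_second


def compare(n_words=4, list_size=7776, pw_len=8, charset_size=94):
    """Summarise a word-based passphrase against a same-strength-looking
    character password; 94 is the printable ASCII set minus space."""
    return {
        "passphrase_bits": passphrase_entropy_bits(n_words, list_size),
        "charset_bits": charset_entropy_bits(pw_len, charset_size),
    }


if __name__ == "__main__":
    print("sample:", generate_passphrase(CONSTRUCTED_WORDLIST))
    print(compare())
    # Add a fifth word and the space grows by a factor of the list size.
    print("5 words:", passphrase_entropy_bits(5, 7776), "bits")
```

Four words from a 7776-word list give about 51.7 bits, roughly the same as 8 truly random printable characters (about 52.4 bits), and the passphrase is the one a person can actually remember; adding a fifth word raises it to about 64.6 bits. The charset figure is an upper bound that human-chosen substitution patterns never reach, which is what makes "Pa$$w0rd" weak regardless of the rule it satisfies.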