DEV Community

Discussion on: Do password rules impact security?

Dominik Weber

I guess the question is actually all about psychology. Is this really not a burden for the user? 1-2 characters don't sound that much, but for some it might make it too hard and they write it down somewhere. It's not just about crackability.

On average one could probably say that, but it actually depends on the hashing algorithm. If it takes 10s to check one password, then a lot fewer characters are needed. And if md5 is used, the longest password on earth won't help you.
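Added example (not part of the original thread): a Python sketch that measures the per-guess cost of unsalted-style MD5 against PBKDF2-HMAC-SHA256 on the local machine and converts the cost ratio into the number of random password characters it is equivalent to. The alphabet size, iteration count and sample passwords are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

ALPHABET = 62                 # assumption: random passwords over a-z, A-Z, 0-9
PBKDF2_ITERATIONS = 100_000   # assumption: sample work factor, tune for your hardware


def md5_hash(password: bytes, salt: bytes) -> bytes:
    """Fast general-purpose hash: one cheap operation per guess."""
    return hashlib.md5(salt + password).digest()


def pbkdf2_hash(password: bytes, salt: bytes) -> bytes:
    """Deliberately slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)


def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of checking one candidate password."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"constructed-sample-%d" % i, salt)  # constructed inputs
    return (time.perf_counter() - start) / rounds


def chars_bought(cost_ratio: float, alphabet: int = ALPHABET) -> float:
    """Random characters whose search space equals a cost_ratio-times slower hash."""
    return math.log(cost_ratio) / math.log(alphabet)


def years_to_exhaust(length: int, guess_seconds: float, alphabet: int = ALPHABET) -> float:
    """Time to try every password of the given length, one guess at a time."""
    return alphabet ** length * guess_seconds / (365 * 24 * 3600)


def compare():
    """Return (md5 s/guess, pbkdf2 s/guess, equivalent extra characters)."""
    fast = seconds_per_guess(md5_hash, 20_000)
    slow = seconds_per_guess(pbkdf2_hash, 3)
    return fast, slow, chars_bought(slow / fast)


if __name__ == "__main__":
    fast, slow, chars = compare()
    # Absolute timings are specific to this machine; the ratio is what matters.
    print(f"MD5: {fast:.2e} s/guess, PBKDF2: {slow:.2e} s/guess")
    print(f"The slow hash is worth about {chars:.1f} extra random characters")
    print(f"6 random chars at 10 s per guess: {years_to_exhaust(6, 10.0):,.0f} years")
```

The last line uses the 10 s per check figure from the comment above; the other numbers depend on the hardware the script runs on.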

Kostas Sar

It is a burden! Ideally each user has different and difficult passwords for each account he owns. This makes remembering all of them really hard but fortunately we have password managers to do that job. They generate long random passwords and the user just remembers only one really hard one, which is totally doable.

In a perfect world everyone is using one of those and every website has secure and updated password storing.