DEV Community


Discussion on: Do password rules impact security?

domysee profile image
Dominik Weber Author

That's an interesting point. So even if every character is allowed in a password, an attacker could still only try combinations with lowercase characters + numbers, since most users will only use that.

So in this case, if the attacker only wants to find out a majority of passwords, those rules actually increase the password space.

Would probably be different for services that target developers though.

Thread Thread
perttisoomann profile image
Pert Soomann

Apparently so. I dunno. I go for length and simplicity my own accounts :)

Your users... Got few mates in hosting business, they constantly have to deal with hacked WP installs because people don't pick good passwords :|