DEV Community


Discussion on: Do password rules impact security?

moopet profile image
Ben Sinclair

If you set up your rules to say that you need to match at least n criteria, such as "> 1 special character", "> 0 uppercase", "total length > 20 characters", etc. then you can keep that magic number big. Explaining these rules to a user in a clear manner is more difficult though.