Post by lexikos » 10 Nov 2015, 04:11
Having a complex password is no less valuable on a site without HTTPS than one with HTTPS. Complexity requirements are also much, much easier to implement, and cost nothing.
They're also annoying. I've turned them off. I know that these requirements weren't in place a year ago.
I think it's common to require characters from a minimum number of categories (rather than all of specific categories), but phpBB only has the following settings:
- No requirements (except length)
- Must be mixed case
- Must contain letters and numbers
- Must contain symbols
These are mutually exclusive, but apparently "accumulative" - i.e. the setting it was on (the last one) requires mixed case letters, numbers and symbols.
Having a complex password is no less valuable on a site without HTTPS than one with HTTPS. Complexity requirements are also much, much easier to implement, and cost nothing.
They're also annoying. I've turned them off. I know that these requirements weren't in place a year ago.
I think it's common to require characters from a minimum number of categories (rather than all of specific categories), but phpBB only has the following settings:
[list][*]No requirements (except length)
[*]Must be mixed case
[*]Must contain letters and numbers
[*]Must contain symbols[/list]
These are mutually exclusive, but apparently "accumulative" - i.e. the setting it was on (the last one) requires mixed case letters, numbers and symbols.