liberapay / liberapay.com

Source code of the recurrent donations platform Liberapay
https://liberapay.com/

Educating users on how to secure their accounts #2058

Open Changaco opened 2 years ago

Changaco commented 2 years ago

The only advice we currently give users is “Keep in mind that Liberapay is a financial service, use a strong password!”. That's much too short and ambiguous.

I think we need a dedicated website to educate people about password managers. It would be a generic and neutral website that any web application can link to, i.e. it wouldn't be specific to Liberapay and it wouldn't recommend only one password manager.

Similar issue on a different topic: #720.

miku86 commented 2 years ago

I don't think this is an educational problem, so I also don't think that sending people to other resources would solve this problem, as we can see in the millions of bad passwords out there.

I think convenience is the biggest hurdle; that's why I'm for better security policies, e.g. by increasing PASSWORD_MIN_SIZE = 8 to 10 or 12. And if people have problems creating a good one, we can support them with links to educational sites, but only as a hint.