Open dabonzo opened 4 years ago
Also, and this is rather important, throw out those ridiculously complex requirements, and require only one, namely LENGTH! As a CISSP and CEH I can assure you, those complex, hard-to-remember passwords are useless. What you want is either proper 2FA and/or lengthy passphrases. Don't believe me? Do try this. A password like "somestupidreallydumbbutlongpass" is waaaay better than "g76^%_hgK".
Is there a possibility to show what the password requirements are before we hit send? Something like that (with JS):

- at least 1 lowercase letter
- at least 1 uppercase letter
- at least 1 symbol
- at least 1 number

and requirements that are not met are red, those that are met green.

Or at least a text showing the requirements. Otherwise the user has to guess what the requirements are.
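
An added example, not part of the original issue or the project's code: one way to drive the red/green requirement list requested above, with the rule set swappable for the length-only policy proposed in the first comment. The element ids (`#password`, `#pw-requirements-box`), the definition of "symbol" and the 20-character minimum are assumptions.

```javascript
// Client-side feedback only: the server must still enforce the same policy.
// Rules mirror the four requirements listed in the issue.
// Assumption: "symbol" means any character that is not an ASCII letter, digit or whitespace.
const COMPLEXITY_RULES = [
  { id: 'lower',  label: 'at least 1 lowercase letter', test: (p) => /[a-z]/.test(p) },
  { id: 'upper',  label: 'at least 1 uppercase letter', test: (p) => /[A-Z]/.test(p) },
  { id: 'symbol', label: 'at least 1 symbol',           test: (p) => /[^A-Za-z0-9\s]/.test(p) },
  { id: 'number', label: 'at least 1 number',           test: (p) => /[0-9]/.test(p) },
];

// Length-only alternative. The default minimum of 20 is an assumed value.
// Spreading the string counts code points, so an emoji counts once.
const lengthOnlyRules = (min = 20) => [
  { id: 'length', label: `at least ${min} characters`, test: (p) => [...p].length >= min },
];

// Evaluate a password against a rule set; returns one entry per rule.
function checkPassword(password, rules) {
  return rules.map(({ id, label, test }) => ({ id, label, met: test(password) }));
}

function allMet(results) {
  return results.every((r) => r.met);
}

// Build the checklist markup. Only the static rule labels are interpolated;
// the password itself is never written into the page.
function renderChecklist(results) {
  const items = results.map((r) =>
    `<li class="${r.met ? 'met' : 'unmet'}" style="color:${r.met ? 'green' : 'red'}">${r.label}</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Browser wiring: show the list immediately, then refresh on every keystroke.
if (typeof document !== 'undefined') {
  const input = document.querySelector('#password');
  const box = document.querySelector('#pw-requirements-box');
  if (input && box) {
    const update = () => {
      box.innerHTML = renderChecklist(checkPassword(input.value, COMPLEXITY_RULES));
    };
    input.addEventListener('input', update);
    update();
  }
}
```

Swap `COMPLEXITY_RULES` for `lengthOnlyRules()` in the wiring to display the single length requirement instead.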