Passwords are only as strong as your application makes them – not your users.
As creators of web software, which usually includes user management, we have to consider password rules carefully. Without 2-step verification, which is overkill for most online accounts, we have to ensure that we are not leaving the door open to hacking or phishing. This means finding a balance between security and a good user experience at sign-up and login.
So that's that? As far as your application is concerned, yes – but organisations also need to think about educating their users to be more careful when creating passwords. Users may be able to meet your list of requirements, but could still be making terrible choices which put your system at increased risk.
Arguably, educating users is far more impactful than simply ensuring your system has perfect password rules. Not all systems can meet your requirements either, and for those, user education is your only line of defence.
Last updated by Matthew Jennings at .