I'd suggest using Openwall's passwdqc, if possible.

 

http://www.openwall.com/passwdqc/

 

Info on implementing it with PHP once installed:

http://www.openwall.com/articles/PHP-Users-Passwords#enforcing-password-policy

 

It's far more complex, but it's worth it if it's actually valuable to enforce password policy. With 99% of the sites I build, I never feel a need to enforce anything more than a length of 8 characters or more. Beyond that, if a user wants to use 'password', they're more than welcome to.

 

 

https://forums.phpfreaks.com/topic/265087-size-of-hash/page/2/#findComment-1358674

My point was, you can make very complex passwords without following a scheme some developer decided was best for it. Many banks, Facebook, Blizzard, etc. don't even bother with case-sensitive passwords any more. The caps-lock key was too much support time to deal with, and the added entropy of 26 additional choices per character doesn't mean much on a 10-character password for implementation's sake.

 

I think we are getting to the same conclusion, but have different reasons for getting there. If the user wants a password called "password" or wants to enter the Star-Spangled Banner in 1337 code, that's up to them. With a few exceptions (financial/medical information), an application should not be the arbiter of what is an acceptable password. And, the only reason I think financial/medical type sites should require "complex" passwords is not because they "should" but because they have to in order to prevent lawsuits from users that use simple passwords.

https://forums.phpfreaks.com/topic/265087-size-of-hash/page/2/#findComment-1358705
