Hacker News
by dahart 659 days ago
The alternative in practice is not all UTF-8 characters; the alternative is lowercase letters. If there are no rules that require uppercase and alphanumerics, or length, then many people will use passwords that are easy to type, and short, and not impose security difficulties on themselves. The alphanumerics + case rule is addressing human behavior, and effectively does increase the search space (by a lot) for most people, not decrease it. It would be nice if most password entries could detect other UTF-8 chars and allow them to substitute for cased alphanumerics, or if longer passwords could relax the rules. The point is to meet a threshold of security against attackers, and the blanket rule does that but ignores some viable and convenient alternatives.
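A sketch of the threshold idea in the comment above, added here as an example and not part of the original comment: instead of requiring specific character classes, accept any password whose brute-force search space is at least that of the blanket rule's minimum. The function names, the pool sizes and the 8-character baseline are assumptions, and the estimate treats every character as uniformly random, so it does not catch dictionary words or keyboard patterns.

```python
import unicodedata

# Assumed pool sizes per character class (hypothetical values for illustration).
POOL = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33, "non_ascii": 100}

# Assumed threshold: the search space of the blanket rule's weakest accepted
# password, 8 characters drawn from a-z, A-Z, 0-9.
REQUIRED = 62 ** 8


def normalize(password):
    # NFKC so the same visible text always yields the same code points.
    return unicodedata.normalize("NFKC", password)


def pool_size(password):
    """Sum the sizes of the character classes the password draws from."""
    classes = set()
    for ch in normalize(password):
        if not ch.isascii():
            classes.add("non_ascii")
        elif ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return sum(POOL[c] for c in classes)


def search_space(password):
    """Naive upper bound on brute-force guesses: pool ** length (exact integer)."""
    return pool_size(password) ** len(normalize(password))


def legacy_rule(password):
    """The blanket rule: 8+ characters with lowercase, uppercase and a digit."""
    return (len(password) >= 8
            and any(c.isascii() and c.islower() for c in password)
            and any(c.isascii() and c.isupper() for c in password)
            and any(c.isascii() and c.isdigit() for c in password))


def meets_threshold(password):
    """Accept anything at least as hard to brute-force as the legacy minimum."""
    return search_space(password) >= REQUIRED
```

Under these assumptions an 8-character lowercase password is rejected, while an 11-character lowercase one or an 8-character one containing non-ASCII letters is accepted even though the blanket rule would refuse both.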