by jasonkester 5058 days ago
What do you do when you log in to your bank and they tell you that your password has expired and that you need to create a new unique 6-8 character password with exactly one capital letter and one number but no special characters? And that it can't contain any part of any of your old passwords?

I guess the same thing you'd do if you ran across a site with this well-intentioned but terrible idea: write it down or email it to yourself.

The only sane thing you can do as a developer is let users choose any password they like, regardless of how insecure you think it is. Store it correctly and that's the end of your involvement. Let your users do what they want, or you'll just make things worse.


I have a standard set of characters that I add to passwords. So far Craigslist has been the only site to really throw me for a loop. I try to be consistent but I end up using 'Forgot my Password' more than I should with them.

They are the only ones.