by Leomuck
62 days ago
Yes, I did read up a lot about password security the last few years. But still, I'm worried a very secure policy restricts people from registering at all, see case above. What would you say is a good compromise? Another thought I have discussed a lot is, this app is not something critical. It's not online banking, it saves very little about you (as little as possible), etc. - so what does this say about the compromise? If an account was to be compromised, an attacker would only have access to the todos, music, notes of a user. Now, todos and notes could be very telling, but I'm unsure about how much of a responsibility I have as an admin to save users from this? Do you know what I mean?

I’d personally have a 12 length password enforcement, a password strength meter and nothing else. Possibly less if you introduce 2FA.
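
The policy suggested in the reply above, as an added example that is not part of the thread: length is the only rule that rejects a password, and the strength meter is feedback that never blocks registration. The function names, the reduced minimum of 10 with 2FA, the scoring heuristic and the small common-word list are assumptions made for this sketch.

```javascript
// Added example: length-only enforcement plus an advisory strength meter.
const MIN_LENGTH = 12;          // from the reply above
const MIN_LENGTH_WITH_2FA = 10; // assumed value, the thread gives none
const COMMON = new Set(["password", "qwerty", "letmein", "123456"]); // constructed sample list

// Count code points after NFC normalization, so an emoji or accented
// character counts once instead of as two UTF-16 units.
function codePoints(pw) {
  return Array.from(pw.normalize("NFC"));
}

// Rough guess-space estimate in bits (assumed heuristic, not a real cracking model):
// character-pool size per position, discounted for repeats, runs and common words.
function estimateBits(pw) {
  const chars = codePoints(pw);
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  let effective = 0;
  for (let i = 0; i < chars.length; i++) {
    const d = i > 0 ? chars[i].codePointAt(0) - chars[i - 1].codePointAt(0) : NaN;
    // A repeat (d === 0) or a run such as "abc" / "321" (|d| === 1) adds little.
    effective += (d === 0 || Math.abs(d) === 1) ? 0.25 : 1;
  }
  const lower = pw.toLowerCase();
  for (const w of COMMON) {
    if (lower.includes(w)) effective -= w.length * 0.75;
  }
  return Math.max(0, effective) * Math.log2(Math.max(pool, 2));
}

function checkPassword(pw, { twoFactor = false } = {}) {
  const min = twoFactor ? MIN_LENGTH_WITH_2FA : MIN_LENGTH;
  const length = codePoints(pw).length;
  const bits = estimateBits(pw);
  const strength = bits < 40 ? "weak" : bits < 70 ? "fair" : "strong";
  // Only the length check rejects; strength is shown to the user as a hint.
  return { accepted: length >= min, length, strength, bits: Math.round(bits) };
}
```

A password such as twelve repeated letters passes the length rule but is reported as weak, which is where the meter earns its place next to a length-only policy.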