|
|
|
|
|
|
by venomsnake
4766 days ago
|
|
|
It is stupid if you ask me. First - the site provider almost always overvalues his creation while the user just wants a test drive. So making you think of a secure password on the fly just means more utilization of the password recovery system. Much better approach is to accept on the initial registration and to flag the password as weak in the DB next to the BCrypt hash and when the user becomes invested you can harass him as much as you like to give a stronger one. |
|
|