[omervk]

Re: Q8. Security questions are an anti-pattern and the rest are outside our mandate. I do not claim to have written the penultimate guide to password security :)

Re: Q9. Again, that's a great pattern, but is not a requirement to not be on our list.

This is linked to from the non-dev FAQ, but I'll make sure to add a section about 2FA to the dev section.

Thanks!

[Flenser]

Re: Q9, you could at least put in a link to zxcvb[1] so that they can be aware that it's an issue and that there's libraries for implementing it.

[1] https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-s...