

Password: You're doing it wrong - soundsop
http://codebetter.com/blogs/karlseguin/archive/2008/07/30/password-you-re-doing-it-wrong.aspx

======
mattmaroon
Wow do I hate guys like that. Sites that force you to use letters and numbers
and have a minimum amount are so annoying.

Sorry, but your site isn't as important to me as it is to you. If I sign up, I
probably don't care if someone gets my password, and I just want to use
something short and memorable. I'm probably only signing up because I want to
save state. You should be preventing dictionary attacks by exponentially
increasing time delays between login attempts or locking a user name after a
few fails anyway. I shouldn't need that secure of a password.

Those standards might be fine for a bank, but for 99.9% of web apps they're
ludicrous.

------
akd
_shudder_ I have a password which requires letters and numbers, requires a mix
of case, and needs a capital letter. It also doesn't accept anything based on
a word -- the password "Poopio123!" was rejected for being based on the word
"opio."

The first thing I did was email it to myself.

