
Apologies if this is a commonly held practice of which I'm unaware, but why not establish a policy amounting to: "if the system-admin can't somewhat trivially crack your password then I won't bug you about it". That is, allow any password, then if your chosen crack software can't crack that password, leave them alone. If you can crack it, then: "Please select another password, as our trivial cracking software discovered it". This would strike me as a less user-burdensome method which would be more generally secure than every 13 weeks: "9-12 characters including one of each of the following set".
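
An added illustration of the policy proposed in the comment above (not part of the original comment): a password is rejected only if a small rule-based guesser finds it, and the result is compared with a composition rule. The wordlist, substitution table, suffixes, the reading of the rule as 9-12 characters with lower, upper, digit and symbol, and checking the password when it is chosen rather than cracking stored hashes are all assumptions made for the example.

```python
import itertools

# Constructed sample data; a real audit would use a full cracking dictionary.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein", "qwerty"]
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5"}
SUFFIXES = ["", "1", "123", "!", "1!", "2023", "2024", "2024!"]


def leet_variants(word):
    """Yield every combination of the common character substitutions."""
    choices = [c + LEET.get(c, "") for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def candidates(wordlist=WORDLIST):
    """Guess the way rule-based crackers do: word, leet, capital, suffix."""
    for word in wordlist:
        for variant in leet_variants(word):
            for cased in (variant, variant.capitalize()):
                for suffix in SUFFIXES:
                    yield cased + suffix


def is_trivially_crackable(password, wordlist=WORDLIST):
    """True if the guesser reaches the password."""
    return any(guess == password for guess in candidates(wordlist))


def meets_composition_rule(password):
    """Assumed form of the '9-12 characters, one of each set' rule."""
    return (9 <= len(password) <= 12
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def policy_decision(password):
    """The proposed policy: complain only when the password was cracked."""
    return "choose another" if is_trivially_crackable(password) else "accept"


if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "Summer2024!", "tidal crayon lamp orbit"]:
        print(f"{pw!r}: composition_ok={meets_composition_rule(pw)}, "
              f"crack_policy={policy_decision(pw)}")
```

The first two sample passwords satisfy the composition rule yet fall to the guesser, while the long passphrase fails the composition rule and survives it.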


