Hacker News new | past | comments | ask | show | jobs | submit login

There is probably some truth to this, but I don't know the answer is to allow weak passwords. Every company I've ever worked for enforced some sort of minimum password requirements.

What I do find to be a PITA is when you attempt to create a password that does not meet the minimum rules and the error message gives you no indication of what you need to change to meet the requirement.

Sure, block the stupidly weak passwords.

But don't block a 6 word diceware phrase because it has not numbers (or because it is to long.... looking at you PAYPAL).

Meanwhile, I'd venture that P@ssword1 meets their requirements...

fair point.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact