Wow do I hate guys like that. Sites that force you to use letters and numbers and have a minimum amount are so annoying.
Sorry, but your site isn't as important to me as it is to you. If I sign up, I probably don't care if someone gets my password, and I just want to use something short and memorable. I'm probably only signing up because I want to save state. You should be preventing dictionary attacks by exponentially increasing time delays between login attempts or locking a user name after a few fails anyway. I shouldn't need that secure of a password.
Those standards might be fine for a bank, but for 99.9% of web apps they're ludicrous.
shudder I have a password which requires letters and numbers, requires a mix of case, and needs a capital letter. It also doesn't accept anything based on a word -- the password "Poopio123!" was rejected for being based on the word "opio."
Sorry, but your site isn't as important to me as it is to you. If I sign up, I probably don't care if someone gets my password, and I just want to use something short and memorable. I'm probably only signing up because I want to save state. You should be preventing dictionary attacks by exponentially increasing time delays between login attempts or locking a user name after a few fails anyway. I shouldn't need that secure of a password.
Those standards might be fine for a bank, but for 99.9% of web apps they're ludicrous.