Hacker News new | past | comments | ask | show | jobs | submit login

> not more than 2 identical characters in a row (e.g., 111 not allowed)

Why? If my password is id8FK38f@&&#d is it inherently less secure if 111 appears in the middle of it somewhere?

Next revision:

> no prime numbers, no more than 2 even or odd numbers in a row (e.g., 644 not allowed), no sequence of 2 or more characters may repeat more than 2 times (e.g. aabaa not allowed), no ascending or descending sequences longer than 2 characters in a row (e.g. 123 or cba not allowed)

These are just rules for the sake of having rules. It's downright silly and honestly it makes OWASP look like a joke to have something this ridiculous on their domain.

That was actually sarcasm (reductio ad absurdum), not an actual quote.

I think I've seen password restrictions similar in spirit to those, though.

I honestly couldn't tell. I think that in itself says something...

I agree. Arbitrary rules like this bug me especially since it reduces the number of passwords that a hacker has to try.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact