|
Title: Is it safer to enforce strong password policies or just strongly suggest them? Post by: TiagoTiago on August 08, 2011, 05:26:10 AM I would think strongly suggesting people to follow strong password policies without hardcoding the policy and letting people use any password they want would be more secure, since if you enforce the policy you tell potential attackers they can skip thousands of combos (say, if you don't allow less than 20 chars, the attacker won't need to try any of the thousand passwords with less than 20 chars; if you demand there always must be at least one low case, one high case, one digit and one symbol, the attacker won't have to try any of the thousands of passwords that don't got at least one of each and so on)
What do you think? Title: Re: Is it safer to enforce strong password policies or just strongly suggest them? Post by: silverchair on August 08, 2011, 07:32:06 AM Thumbs up.
|