I’m debating whether I should require Pass-Phrases on my new website.
Currently a Password must be…
- 8 to 15 Characters
- At least one Uppercase
- At least one Lowercase
- At least one Number
- At least one Special Character
My concern is that if I make things to difficult for people, they simply won’t become Members?!
(Let’s face it, not long ago most users struggled coming up with simple 6-8 character alphanumeric Passwords!!)
Would it make sense to leave my Password requirements as-is, and then maybe do some articles and “member education” before then forcing people to create Pass-Phrases??
Also, is the question, “How difficult must the Pass-Phrases be?”
Some research shows that even Pass-Phrases aren’t all that secure.
http://nakedsecurity.sophos.com/2012/03/19/multi-word-passphrases/
Ideally, I would like to require the following…
Pass-Phrases Requirements:
[COLOR="#FF0000"][b]- 15 to 40 Characters[/b]
- At least one Uppercase
- At least one Lowercase
- At least one Number
- At least one Special Character[/COLOR]
Is that asking too much for the average user??
If I am going to make the switch, I’d just assume do it now before I am done Testing my website. But as mentioned above, I’d hate to make things too technical and difficult and scare everyone away!!
Suggestions?
Debbie