Comment by jjcm

3 years ago

Interesting, I was able to sign up with it.

Can I ask if you're using a password manager / what browser you're using?

Also for context, instead of testing password length/number of characters, I look for overall entropy in the formula of [alphabet length for char set used]^(number of letters in password). The one you described is well above the limit.

> instead of testing password length/number of characters, I look for overall entropy in the formula of [alphabet length for char set used]^(number of letters in password).

You should do none of this. It shouldn't be the websites concern if my account gets hacked - basic password requirements are fine, but anything that goes past a character count is just making the UX worse. The requirements increase friction, which you've already put at a high level due to requiring payment.

LastPass. I think maybe you're not detecting when LastPass fills it in, only when typed?