Comment by alexb_
3 years ago
> instead of testing password length/number of characters, I look for overall entropy in the formula of [alphabet length for char set used]^(number of letters in password).
You should do none of this. It shouldn't be the websites concern if my account gets hacked - basic password requirements are fine, but anything that goes past a character count is just making the UX worse. The requirements increase friction, which you've already put at a high level due to requiring payment.
No comments yet
Contribute on Hacker News ↗