-
Just a security reminder to developers...
If you *require* uppercase letters in passwords, or require numbers and special characters, you are making your passwords LESS secure because it reduces the possible number of combinations of passwords. (E.g., it eliminates combinations that are all lowercase.)
It also pisses off your users.
Also, those little indicators that show you how secure your new password is as you type it into the field, the ones that says poor, good, etc. as you enter each character? That feature makes a system less secure, because there are many more lines of code needed to examine those characters as they are typed, which means more chance for leaks of the password.
Just suggest to the user that passwords should be at least X characters long and not be too easy to guess, and leave it at that. Give users a break.
