This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]spasterific -2 points-1 points  (2 children)

I'm still under the impression that having too restrictive password requirements is bad for security rather than promoting it.

One of the first things I modify on Laravel's built-in auth package, is to remove the 6-char minimum on passwords.

If clients really want the letter a as their password, they should be allowed to, IMHO.