project-navigation
Personal tools

Author Topic: Annoying forum password requirements  (Read 2043 times)

Offline lendrick

  • Cannon Fodder
  • **
  • Posts: 5
    • View Profile
Annoying forum password requirements
« on: December 10, 2010, 06:57:40 pm »
Hey folks.  I tried to sign up for the forum today (not realizing that I had already done so at an earlier date) and I ran into some pretty major annoyances when signing up.  Please understand that I'm not trying to be inflammatory here -- it's just that, if someone is taking time to sign up for your forum, they're already among the most interested 2% of your users.  You don't want to drive those people off.  The issues are as follows:

I have an old junk password that's easy to remember so that I don't have to come up with a new password every time I join a forum.  I use this junk password for accounts that don't require a high level of security (for things where I don't enter much personal information, etc).  I can't use that password here, because your site now requires passwords that a) are 8 characters long, and b) contain mixed case and a number.

This is a (relatively) small site that doesn't store personal or financial information.  The reward for account hackers is very low, and the personal risk to someone whose account gets hacked is possibly non-existent, and at worst minimal.

Furthermore, if for some reason I haven't accounted for you absolutely have to have to require high security passwords (although apparently I signed up here before this was necessary and my account has yet to be hacked), for the love of all that is holy, please enumerate your password requirements on the sign up form so that I know what they are.  If you can't do that, then at least tell me all the errors at once, rather than making me submit the page a total of three times before I find out that the password has to be 8 characters long, and requires digits and mixed case.

End rant.

Bart K.
http://opengameart.org

Offline geever

  • Project Coder
  • PHALANX Commander
  • ***
  • Posts: 2561
    • View Profile
Re: Annoying forum password requirements
« Reply #1 on: December 10, 2010, 07:31:27 pm »
This is a (relatively) small site that doesn't store personal or financial information.  The reward for account hackers is very low, and the personal risk to someone whose account gets hacked is possibly non-existent, and at worst minimal.

We encounter spam attacks regularly. I don't see a problem with strong pass. You should use strong passwords everywhere.

-geever

Offline lendrick

  • Cannon Fodder
  • **
  • Posts: 5
    • View Profile
Re: Annoying forum password requirements
« Reply #2 on: December 10, 2010, 07:48:25 pm »
Spam attacks suck, it's true.  Two things, though:

* Unless your spam attacks come from hacked accounts, requiring strong passwords is unhelpful and arbitrary.  Ever single spammer that's ever hit my site has done so after signing up for a new account.  Have any accounts here ever been hacked and used for spam?
* This doesn't address the UI problem of the password strength requirements not being listed on the page.