When users are choosing a password for my application, what restrictions should I apply, if any, and what should I consider to be an invalid password?
For example, I have read about trimming off whitespace, restricting only to ASCII characters, etc., but these seem to be opinions or application-dependent.
I am aware of forcing requirements on passwords such as a minimum of two symbols, two numbers, etc. but I am more interested in what restrictions I should apply.
I don’t think anything should be an invalid password. If you can hash it to store it and later compare against, you should be able to use it as your password. Restricting the strength of passwords does nothing useful.
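The hash-and-compare approach this answer describes, as an added example that is not part of the original answer: passwords containing whitespace, non-ASCII text, markup characters, or a thousand characters all store and verify without any filtering. The scrypt parameters, the record format, the sample passwords and the NFKC normalization step are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _to_bytes(password: str) -> bytes:
    # No trimming and no ASCII filter: every character the user typed is kept.
    # NFKC normalization is an assumption added here, so the same visible text
    # typed on different platforms produces the same bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(_to_bytes(password), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    # The record is hex only, so its length and character set never depend
    # on what the password contained.
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    scheme, salt_hex, key_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    candidate = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


# Constructed sample passwords that a restrictive validator would often reject.
SAMPLES = [
    "  leading and trailing spaces  ",
    "pässwörd-密码-🔑",
    "' OR 1=1; -- <script>",
    "x" * 1000,
]


def roundtrip_all() -> bool:
    return all(verify_password(p, hash_password(p)) for p in SAMPLES)
```

Because the stored record has a fixed size and alphabet, the password's own characters never reach the database column, which is why no character restriction is needed for storage.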