If requiring 12 character passwords made UX sense then why isn't every website doing that already?
So, in my case I'm confident that blacklist usage likely !problem and if it is I have enough monitoring to revert before business impact.
-
-
Hence, let's see how it turns out in practice. For good measure I'll also log bool(pwlen>=12) to estimate impact of that policy.
-
User count is ~450, not huge but should allow for some conclusions. Next year can test with n>5000 if it goes well.
End of conversation
New conversation -
-
-
Then do it! And as I said, I would love to hear about your experience & any info on UX/security issues.
-
@lakiw Over time, if Troy updates his list from leaks that use it, short lengths (4-7) approach bruteforce, equiv to length restrict anyway!
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
