Password Reset
From: Dan Randow
Date: 2007 Oct 29 03:20 UTC
Michael,
'Confirm password' seems succinct and unambiguous to me.
I agree that we should not place onerous restrictions on passwords. I
think that a strength meter, if well done, would be kinda fun for people
with all levels of familiarity with security (geeks could compete for
the highest score). This, and the chance to usefully educate people,
would mitigate the confusion that would be caused for some. I suspect
that most people do not perceive a high security risk over access to
GroupServer sites. They just want a password they can remember. So is it
worth us going to the trouble of adding the meter?
As we are requiring passwords to be non-blank, we have the opportunity
to require them to be of a minimum length (say 6 characters), without
being onerous. Does that create enough strength to be worth considering?
And are all those commas (even the one in "messages, to") necessary?