Password must contain letters in mixed case and numbers
I’ve begun to realise that it’s becoming some sort of trend for sites that require registration to access to have really annoying rules for what your password should be like. I mean the usual rule is something along the lines of “between 6 – 15 characters” and they just leave it at that. But it seems that in recent times, it’s becoming more and more often that I’m met with a site that has this on their registration page:
Seriously? Is it really necessary to have such a secure password? I mean of course it depends on the context of when you apply such rules. If you’re a webhost and want your customers to make sure they have a secure enough password so that someone else won’t simply brute-force their way into the server and mess around inside, go right on ahead. You obviously need security for services like these. But for crying out loud I encountered that rule above when trying to register for a forum. Seriously? Is hacking into other people’s accounts such a big threat that such stringent rules are necessary? For such cases a simple ban/IP ban will do the job.
I know it seems like I’m making a big fuss over nothing, but my real question here is: What’s the point? You’re just unnecessarily adding another obstacle for users who want to get into your site and contribute to it. I’ve lost countless accounts in the past because I can’t remember what weird rule the site implemented for my password, and plenty of their “Recover Your Password” services don’t even work properly.
So please, site admins, if your site doesn’t require such a high level of security, don’t bother doing stupid stuff like this. Thanks.
FYI, the forum I was trying to register for was Quake-Live TV, the site which provides video with commentary of all the latest Quake Live Tournament matches. Anyone who’s interested in the game, please check it out!