fxuser fxuser - 1 month ago 20
PHP Question

Password Strength Pattern

Should I use a password pattern like a-zA-Z0-9 and also require at least one of each character class in the password, or simply allow anything inside the password?

What do sites allow the user to use as his/her password? Is there anything else I should consider?

Answer

a-ZA-Z0-9 is overly limited. You should let me use any characters, and enforce minimum requirements (i.e. at least 8 characters, at least one letter and one number)