We've been trying to ensure that all of our servers are configured with the "Very Strong" password requirement policy. We most definitely want to ensure a high level of security and we're fine with telling clients "too bad" when their passwords are 6 chars (for example).
However we keep finding scenarios where it's being overly restrictive when the passwords should be considered strong enough. This is creating some friction with our clients because we're trying to tell them that we're...
"Very Strong" password policy is unnecessarily prohibitive
However we keep finding scenarios where it's being overly restrictive when the passwords should be considered strong enough. This is creating some friction with our clients because we're trying to tell them that we're...
"Very Strong" password policy is unnecessarily prohibitive