creating the correct password parameters for a site, with cc details stored



  • I am trying to think of the best requirements to set a password for a customer relationship management cloud software service. A credit card is stored on the site, which is only useful to the site owner, i.e. if someone else logged in, they wouldn't get much benefit.

    So here are my options:

    1. min 6 character password - simple and easy, they can use their favorite password, and won't struggle to remember it.

    2. min 8 chars, 1 upper case, 1 number, 1 non-alphanumeric character - secure, but it gets annoying, and if you forget the password, it's hard to remember.

    3. min 6 chars, 1 number, 1 upper case - somewhere in between, a bit more secure, and a likely chance they can still enter their favorite password.

    Thoughts?



  • I would go with option 2. Eight characters is what Microsoft and the NIST requirement recommend.
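
The three options from the question, written as a checker so each can be tried against candidate passwords and the broken rules reported back to the user. This is an added example, not part of the thread; the `Policy` class, the `accepted_by` helper and the sample passwords are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int
    need_upper: bool = False
    need_digit: bool = False
    need_symbol: bool = False

    def failures(self, password: str) -> list:
        """Return the rules the password breaks (empty list = accepted)."""
        missing = []
        if len(password) < self.min_length:
            missing.append(f"at least {self.min_length} characters")
        if self.need_upper and not any(c.isupper() for c in password):
            missing.append("an upper-case letter")
        if self.need_digit and not any(c.isdigit() for c in password):
            missing.append("a number")
        if self.need_symbol and not any(not c.isalnum() for c in password):
            missing.append("a non-alphanumeric character")
        return missing


# The three options exactly as listed in the question.
OPTIONS = [
    Policy("option 1", 6),
    Policy("option 2", 8, need_upper=True, need_digit=True, need_symbol=True),
    Policy("option 3", 6, need_upper=True, need_digit=True),
]

# Constructed sample passwords (not real credentials).
SAMPLES = ["monkey", "Monkey1", "Monkey1!", "correct horse battery"]


def accepted_by(password: str) -> list:
    """Names of the options that would accept this password."""
    return [p.name for p in OPTIONS if not p.failures(password)]


if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:26} accepted by: {accepted_by(pw) or 'none'}")
    # Rejection detail a sign-up form could show for option 2:
    print(OPTIONS[1].failures("correct horse battery"))
```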


