Menu
Why is it considered more secure when a password is required to have a special char, upper and lower case letters as-well as numbers? Wouldn't it be more secure to allow instead of require these chars?
Let's say someone wants to break the password, wouldn't it be easier for them if they already knew that that password contains at least 1 special char, 1 upper and lowercase letter and 1 number, because it was required. Instead of the possibility for the password to contain these chars if it was allowed instead of required?
857
asked Oct 18 '25 15:10
It considered secured, from several attacks like dictionary attacks. Since the dictionary attack comes from the wordlist with common words. It's better to require these rules in front-end and backend with validation if the password meets the standards.
In development, you can use OWASP ASVS located here: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x11-V2-Authentication.md
There's a checklist like:
If you follow some standards like OWASP, securing your authentication will be good.
84
answered Oct 22 '25 07:10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With