Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Robin Winslow Morris 20 posts 82 karma points
    Jan 14, 2013 @ 17:03
    Robin Winslow Morris

    Should member passwords really contain 1 non alpha numeric character?

    Default Umbraco offers this helpful hint when choosing a password for members:

    Password: The password should be a minimum of 7 characters long and contain at least 1 non-alpha numeric character(s)

    There are plenty of password cracking algorythms out there that are very good at predicting where people will use non-apha-numeric characters in their passwords, such that they really don't make the password that much stronger. See: It is *always* more beneficial to make a password longer instead. I.e. compose it of multiple words. Easy for humans to remember, hard for computers to guess.

    I would like to suggest that this particular tip is removed, because I would like to advise users in my organisation *not* to use random capitals, numbers or non alpha-numeric characters because it's far more useful that a person be able to accurately remember their password than the very slight complexity that this adds for a cracking algorythm.


  • Lee Kelleher 3906 posts 14864 karma points MVP 10x admin c-trib
    Jan 15, 2013 @ 10:58
    Lee Kelleher

    Hi Robin,

    I guess the message was put in as a guideline a long time ago. Of course, general opinions towards password strengths/patterns are changing/evolving.

    I'd suggest raising a ticket on the issue tracker with any suggestions/improvements you have.  Also opens it up to further discussion amongst the core team.

    Thanks, Lee.

  • Robin Winslow Morris 20 posts 82 karma points
    Jan 15, 2013 @ 14:09
    Robin Winslow Morris

    Thanks Lee

    Glad you agree, I've created a ticket:


Please Sign in or register to post replies

Write your reply to: