lolwut's Web Site

The Internet is Serious Business!


Home > Computers, Technology, and Internet > Password Strength Requirements, Then and Now


Password Strength Requirements, Then and Now

Password Strength Requirements Then

An example registration form

Thank you for signing up for our Web site! Please select a username and password for your new account.

  1. Please enter your desired username in the Username field. Usernames cannot be longer than 32 characters.
  2. Please enter your desired password in the Password field. Passwords must have a length of between 8 and 32 characters. We believe that 8 characters is a reasonable minimum length, and the upper limit exists to prevent people from using absurdly long passwords.
  3. We highly recommend that you choose a strong password. What, exactly, constitutes a strong password is not universally agreed upon, but most will consider a password containing a mix of uppercase letters, lowercase letters, numbers, and special symbols strong, whereas those which contain dictionary words, personal information about you, or the username weak. A weak, easily-guessed password might jeopardize the security of your account, and increase the likelihood that, one day, you will discover that somebody has gained unauthorized access to it. If you are unsure or simply curious, we recommend that you perform a simple Web search about password strength.
  4. However, we realize that this is your account, not ours or anybody else's: therefore, it must be concluded that only you, and not us, are ultimately responsible for the level of security you decide to dedicate to it. We believe, of course, that a strong password is to be preferred over a weak one; but we realize that not everybody can or will provide a strong password for various reasons (e.g. ignorance, laziness, difficulty in remembering yet another password, or the fact that they do not value this account very much), and, indeed, that some will provide abysmally weak passwords (such as using password for their password). That some will provide extremely weak passwords must not ever mean that we shall prevent them—or you—from choosing to do so, for we must respect your choices concerning the level of security you dedicate to your own account.
  5. [On some fancier Web sites] We even provide a real-time indicator of the strength of your password as you type it in! With this, it is our hope that we may educate and assist you in the process of choosing a strong password. However, this real-time indicator shall only ever be a helpful guide; the only requirement for your password is that it must be between 8 and 32 characters.

Password Strength Requirements Now

An example registration form

Thank you for signing up for our Web site! Please select a username and password for your new account.

  1. Please enter your desired username in the Username field. Usernames cannot be longer than 32 characters.
  2. Please enter your desired password in the Password field. Passwords must have a length of between 8 and 32 characters. We believe that 8 characters is a reasonable minimum length, and the upper limit exists to prevent people from using absurdly long passwords.
  3. It is important that you choose a strong password. A weak, easily-guessed password might jeopardize the security of your account, and increase the likelihood that, one day, you will discover that somebody has gained unauthorized access to it. Although we are confident that you are among those who know better, there are, unfortunately, people out there whose attitude towards password security is so terrible—such as, for example, those who use password as their password—that we feel we must prohibit the use of any of the most commonly-used passwords when you register your account, more for their sake than for your own.
  4. We are also aware that password cracking software typically tries dictionary words first, and, as such, we have also prohibited the use of any unaltered dictionary word as your password. We are sure that you knew this, of course; but there are many out there who do not.
  5. After some consideration, we feel uncomfortable knowing that some of our users might select a password consisting of only lowercase letters, which, in our judgment, is too easily guessed; consequently, we have effected the requirement that all passwords must contain both uppercase and lowercase letters. We are doubtful that you are among those who would choose an all-lowercase password, so this requirement should not affect you.
  6. After further consideration, the thought of one of our users—most likely someone else, and probably not you—with a password as brief as 8 characters long disturbs us. We have therefore doubled the minimum password length to 16 characters.
  7. Come to think of it, there are many people out there who have a rather poor attitude when it comes to account security. We cannot be sure anymore that you are among the better ones. We are doubtful that such a group of people (to which you may or may not belong) can be trusted with the security of their own account unless we institute a further requirement that all passwords must now contain numbers, in addition to uppercase and lowercase letters.
  8. Even then, we are sure that such a group of ignoramuses—to which we are beginning to believe you belong—will still leave their accounts vulnerable by selecting a password which we feel in our hearts is too weak, because it is a mere 16 characters long: to rectify this, all passwords must now be at least 24 characters in length.
  9. Are you aware of the fact that password crackers are much less likely to crack passwords that contain special characters? (You need not perform a search of this; just trust us, we know. Just trust us.) No, of course you were unaware of this; you know too little for your own good. We are quite certain that you, like too many others, are ignorant of the basics of choosing a strong password, so we have taken the liberty of requiring that all passwords must contain a mixture of special characters, numbers, uppercase letters, and lowercase letters.
  10. We lose sleep at night knowing that you and every other cretin would, in a disgusting display of hubris, dare select a password with a length as tiny as 24 characters. We have thus decided that every password must be exactly 32 characters in length.
  11. It still haunts us every hour of the day to know that, even with these rules, surely you will find a way, somehow, to wreck it; there is not a doubt in our minds that, unless something more is done, very soon everybody's accounts shall be hacked. You might, for instance, select a password with one number, one uppercase letter, and one special character, all placed at the beginning, with the remaining 29 characters all lowercase letters. Are you trying to shoot yourself in the foot? When it comes to password strength and account security, you clearly know nothing; we clearly know best. You should be thanking us when we save you from our own stupidity by rolling out our latest requirement: that all passwords must contain exactly 8 lowercase letters, 8 uppercase letters, 8 numbers, and 8 special characters.
  12. No, it is not enough! You and everybody else are all morons: not only do you not know the fundamentals of password security, but to try and educate an idiot like you in such a complex matter is nothing but an exercise in futility. Do you not understand how important it is to keep your account secure? We do not care one bit if you do not value your account highly, for we know that you lack the intelligence to grasp the importance of it. We know best, kid, and we believe that your account must be protected with a strong password. Know that when we have implemented our newest requirement that every password cannot contain two or more consecutive uppercase letters, lowercase letters, numbers, or special symbols, it is a heavy burden which we shoulder for your own good. You ought to be grateful to us, you wretched fool.
  13. We have finally concluded that giving an ape like you even that much freedom with your password is unthinkable, for we know how difficult and straining it is for an utter dumbass like you to think. We have decided to take the thinking on your part out of the matter entirely, and have provided everybody with the same password, which shall be *Z-3dYp1$Xq9mL6[4Hs0kK&v8!uI@7)G. We are quite proud of ourselves for producing such a strong password; at last, everybody's account is equally secure!

Valid HTML 4.01 Strict Best viewed with Internet Explorer Proudly made on Microsoft Windows Support freedom of speech Hosted on Neocities Adobe Flash will never die Java applets will never die

Copyright © 2018 lolwut

Creative Commons CC BY 4.0 License All written materials on this Web site are my own, and all are licensed under a Creative Commons Attribution 4.0 International License.

This page last modified on 16 November 2018.