How Password Policy Affects Signups


#1

I’m looking for a study or research on how password policy affects signups. I’m sure there must be something available, but I’m unable to find it.

So one of my clients wants me to implement a password policy. You know, your password must contain a special character, one upper case, lower case types. He is being very full on about it.

I recommended suggesting the password strength (like how Google does) instead of a hard and strong password rule, but it would be nice to cite some studies.


#2

Is this article of any use? The True Cost of Unusable Password Policies: Password Use in the Wild

As an aside, I find password policies today infuriating but can see why people choose to use them. Interestingly the article above states that people use insecure passwords as a result, which totally defeats the purpose. I deal with it personally by using 1Password. Problem solved!


#3

I feel compelled to offer up this little gem from xkcd…


#4

I’ve found using the strength indicator type system can be an opportunity to add a little positivity or personality to what might be a mundane process.

Instead of ‘weak, medium, strong’ feedback messaging, you could consider using ‘pretty good, great!, nice job!’ etc., or whatever is appropriate for your audience.

Ben.


#5

Although password strength suggestions are welcome, maybe you should consider a more visionary approach and forget about passwords altogether, going for a different flow. Here’s an article about that: https://medium.com/cyber-security/9ed56d483eb


#6

Beat me to it.