How do you enforce strong passwords?

Question

There are many techniques to enforce strong passwords on website:

• Requesting that passwords pass a regex of varying complexity
• Setting the password autono

Answer 1

It's been my experience that it depends really on the type of site, as you said.

If you are creating a bank or financial website then users typically understand if you have a more secure password, since their personal data may be at risk.

However for sites that typically don't contain a lot of personal information a simpler password will be fine. They may be less prone to hack attempts, and wouldn't get anything worthwhile anyway.

I've also found that most people also seem to have a couple passwords they use often. One being complex, and another being simple. So requesting they use a complex password usually won't keep people from registering.

I've never found expiring passwords to work successfully. As I said before, many people already have a set couple of passwords they use often, so asking them to go outside of this just for your site may make them not want to come back.