The password requirement on the user account login is really excessive

I really don't think it's necessary to require passwords to have both a lower case, upper case, punctuation and a number. This is really excessive. These requirements exceed the requirements for every secure site I have ever used: four brokerages, five insurance companies, sieight Fortune 500 companies I do consulting for, three retirement accounts and a dozen credit cards, etc., etc. I have a sixteen character password which is plenty secure by any reasonable measure but it doesn't cut the muster for the Canton Public Library?

This password excess can actually promote insecurity because it tends to cause people to write it down because it doesn't match any other password they use. For me it's a real pain because I have to get my password reset every single time I want to log in. Hopefully your IT director will consider changing this to a little more rational scheme.


Wed, 2010-01-06 20:03

You're right that passwords with too many requirements can be less secure than more free-form passwords.

That is why Canton Public Library's website does not have any password stipulations beyond a 6-character minimum. The password strength indicator and recommendations are purely feedback mechanisms to aid in the creation of a strong password. The system will accept low-strength passwords, though using one is not recommended. This user registration behavior can be found at many websites, especially those built on the Drupal content management system.

Thank you for letting us know about this potential point of confusion.