这里的理论问题:
人们如何看待注册表对用户密码的限制?意思是,设置用户必须有大写字母、数字和特殊字符的条件是否明智?我认识到这些条件通常会要求用户设置更安全的密码,但这会让大多数用户感到烦恼(网站假设我没有能力创建安全密码,这让我很恼火)?有任何意见吗?
问问题
113 次
3 回答
3
是的,差不多。您还应该制作一个 JS 脚本来在用户输入密码时检查密码强度。只是为了通知用户,不要让他在达到一定强度级别之前提交它。
于 2012-07-21T22:18:11.607 回答
2
I would recommend some sort of password requirement to ensure basic security. However, making the requirements too stringent will hurt usability and, if they're encountering a rule they're not familiar with, could force them to create a new password which they could later forget. My advice would be to look over the requirements for popular websites such as Google, Facebook, etc. to get an idea of common requirements. If they've already encountered whatever requirements your website uses, they're less likely to get upset and can reuse memorized passwords.
Note: I know password reuse is a bad idea, but the majority of internet users don't want to memorize a new password for each site they create an account for, and it's therefore best from a usability perspective to allow them to do so.
于 2012-07-21T22:23:59.300 回答
1
You should also be careful about what characters you are going to allow in the password. Some secure input controls only allow ascii.
于 2012-07-21T22:22:37.197 回答