Repeal outdated password requirements

8853716 shared this idea 3 months ago

Mailbox.org seems to have a password composition rule that requires passwords to have upper and lower case letters as well as numbers. This is a bad and outdated practice for numerous reasons. It promotes insecure practices like writing down passwords and degrades usability. Such rules also don't tell much about the actual entropy of the password.

Please abolish such requirements. If you want to enforce strong passwords, please instead consider using a real password strength indication algorithm that is based on real mathematics.

NIST does not recommend password composition rules, see https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf (page 53)
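To illustrate the point the post is making, here is an added example (not code from the original post, from Mailbox.org, or from NIST): a checker for the kind of upper/lower/digit rule described above, placed beside a simple guess-count estimate of the same passwords. The word list and the two sample passwords are constructed for the demo; the "common word plus suffix" model and the 60-bit threshold are my own assumptions. A production strength meter would use a real estimator such as zxcvbn and a breached-password list, which is what the cited SP 800-63B recommends checking against instead of composition rules.

```python
import math
import string

# Constructed list for the demo. A real check would use a large breached-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "monkey"}

# Assumed acceptance threshold, in bits of estimated attacker work.
MIN_BITS = 60.0


def passes_composition_rule(pw: str) -> bool:
    """The rule the post objects to: at least one lower, one upper and one digit."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def charset_size(pw: str) -> int:
    """Size of the union of the standard character pools the password draws from."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in pw:
        size += 1
    # Anything else (non-ASCII etc.): count only the distinct characters seen, a lower bound.
    others = {c for c in pw if not (c.isascii() and c.isprintable())}
    size += len(others)
    return size


def estimated_entropy_bits(pw: str) -> float:
    """Rough log2 of the guesses an attacker needs.

    Model (an assumption of this example): if the password is a known common word,
    optionally with changed case and a trailing run of digits/symbols, the attacker
    enumerates the word list and then the suffix. Otherwise fall back to brute force
    over the character set, log2(charset ** length). Note that the brute-force figure
    overestimates passphrases built from a small word list; a real estimator also
    models word-list and keyboard-walk patterns.
    """
    if not pw:
        return 0.0
    base = pw.lower().rstrip(string.digits + string.punctuation)
    if base in COMMON_WORDS:
        suffix_len = len(pw) - len(base)
        suffix_alphabet = 10 + len(string.punctuation)
        return math.log2(len(COMMON_WORDS)) + suffix_len * math.log2(suffix_alphabet)
    return len(pw) * math.log2(charset_size(pw))


def strong_enough(pw: str) -> bool:
    """Entropy-based acceptance, the alternative the post asks for."""
    return estimated_entropy_bits(pw) >= MIN_BITS


if __name__ == "__main__":
    for candidate in ("Password1", "correct horse battery staple"):
        print(f"{candidate!r}: rule={passes_composition_rule(candidate)}, "
              f"bits={estimated_entropy_bits(candidate):.1f}, "
              f"accepted_by_entropy={strong_enough(candidate)}")
```

Running it shows the mismatch the post describes: "Password1" satisfies the composition rule yet is a dictionary word with a one-character suffix (under 10 bits in this model), while the all-lowercase passphrase fails the rule but costs far more to brute-force.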