Reputation: 121
Why do some websites/applications require that passwords must begin with a letter?
Some number of websites/applications require that a password must begin with a letter, I find this plain stupid. It's pretty annoying... and the password entropy (security) is greatly reduced. So my question is... Is there a reason why some developers would choose this?
The only reasons I could think of are:
- They are sheep (Seen it required somewhere else and just copied the trend)
- Some just implement it because that's the little regex they know
- Just to create a false sense of security for their clients
(Asking because I'm developing an app to manage user passwords and thinking to alert the users that if the website asks for that, they should not trust their security)
Upvotes: 2
Views: 256
Answers (1)
Reputation: 24071
Regarding security there is no reason such a password requirement makes sense, you already gave the answer yourself. I do not think that giving out a warning is necessary though, because the implementation is not necessarily an unsecure one.
In my opinion the only reasonable restriction for passwords is a minimum length. Other requirements can interfere with good password schemes and can actually reduce the strength of passwords, because users will switch to weaker passwords like "Password2014".
Upvotes: 1
Related Questions
- What characters would you make invalid for a password?
- Why is the use of special characters in passwords considered to be a strong password?
- Password required special char vs Password optional special char
- Is there a reason why certain sites don't allow periods in passwords?
- Password systems which ask for individual letters - what do they store?
- Why restrict the length of a password?
- Why have case sensitive usernames?
- What is a set of sensible requirements on passwords?
- Why do so many sites disallow the use of non-alphanumeric characters in passwords?
- Why do web applications insist on defining strict password rules?