Launches
Coming soon
Upcoming launches to watch
Launch archive
Most-loved launches by the community
Launch Guide
Checklists and pro tips for launching
Products
News
Newsletter
The best of Product Hunt, every day
Stories
Tech news, interviews, and tips from makers
Changelog
New Product Hunt features and releases
Community
Discussions
Ask questions, find support, and connect
Streaks
The most active community members
Events
Meet others online and in-person
Advertise
How to post?
  1. Discussions
  2.  → When was the last time you saw an application accepting...

When was the last time you saw an application accepting passwords length lesser than 8 characters? 🤔

Devanand Premkumar
10 replies
Last week when I was trying to signup for an application presented here in PH, it asked me to create a password with just 6 characters. I was wondering why do we allow such a low entry barrier for the primary authentication - password. Six characters can be taken down pretty easily, courtesy of today's computing speed and efficiency. What do you think should be a minimum character length for a password to be considered safe and secure?

Replies

Tanay Gauba
Considering today's computing speed and efficiency passwords are not at all safe and can lead to data breaches in near future. The world is now switching to password-less authentication which is more convenient and safe. Password-less authentication make sure that you don't have to remember such complex passwords containing @,#.! etc..
Share
Devanand Premkumar
@tanay_gauba Your right about the issues of password. But the migration is a long way to get completed. Think about the numerous applications which needs to be switched from the traditional password based authentication to password-less authentication. I think it will take few more years considering the pace of this switching/migration that is currently happening.
Share
Tanay Gauba
@devaonbreaches I am working with a startup where we are focusing on the password less and OTP less authentication. I know it will take some time but the switch is important when you know everything around you is upgrading.
Share
Devanand Premkumar
@tanay_gauba Totally true. Upgrading is time consuming but we are all positive it will change for the good. I was also looking earlier at Prabhat's response on one of my other post and it make sense :)
Share
Jim Morrison
We request 10 or more characters... and encourage 12+ We've taken out any @#$%^& requirements because it gets too difficult otherwise... afaik it's the length that really improves the entropy/security.
Share
Devanand Premkumar
@jimbomorrison For sure the current best practice is to have 12+ characters. Am glad to see that coming out as a requirement. Please keep up the good work.
Share
Bilal Chaglani
Last week when I tried to sign up for H&M's mobile app. I think there should be no limit, not sure what they are trying to achieve by having this limit. Save space?
Share
Devanand Premkumar
@bilal_chaglani Seriously! In 2021, applications are enforcing 8 character length? That's not the recommended best practice anymore. Saving space as a requirement was valid when the storage costs were huge. Now you can get gigabytes of storage at the cost of pennies. Not a valid reason to limit on storage by length of characters. Adding to that, if they are storing the password in plain text - considering length requirements, then they have a bigger problem at hand for sure.
Share
Buse BaÅŸar
Yes, the passwords of bank applications are always 6 characters.
Share