Improvements to account creation #30
Comments
|
Is django-password-strength of any use? Also, (future improvement) this would be a great place to include the Geek.Zone affiliate link to LastPass |
|
I'd argue that password length is more important than complexity, see I do agree that login throttling, 3 bad login attempts every hour for example, is a good idea. We could combine this with an email to the account holder, something like, "Someone just tried, and failed, to log into your Geek.Zone account. Your account is safe, however just to be sure you might like to change your password." |
|
Would recaptcha be a better first step than blindly throttling? I've created keys for geek.zone, where should I put them? |
|
Split to #43 |
|
@CarwynNelson and I have agreed that we will change the password length to 9. Should ideally use the built in methods to check for common passwords. Post MVP we could have a password strength indicator that only goes fully green after 16 characters. |
The text was updated successfully, but these errors were encountered: