Password Requirements

Our password requirements are simply that they must be at least 8 characters.

Why don't you require strong passwords?

This article, based on changes by NIST (National Institute of Standards and Technology) towards their own password requirement recommendation, explains why latest best practices encourage the use of passphrases over strong password requirements. We've taken the approach that passphrases are, in general, more secure than strong passwords and allow them to be used (and the FBI agrees with us). We also allow people to use shorter strong passwords as well if that's their preference. We also believe that easily guessable passwords aren't actually discouraged by adding more password requirements (and, in fact, weak passwords end up being more common). Lastly, we believe that strong passwords end up causing people without a password manager to just reuse the same password in numerous applications, exposing individuals to credential stuffing attacks.

Examples of passphrases:

IHaveACatNamedSally
IUsedtoLiveInNewYork
PizzaIsMyFavoriteFood

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us