>>>>>We had a discussion recently in the team about the length of what a password should be. Some would say the longest is the better. Well, while this may be good as an answer, I would be curious to know, before encryption, what is the length you usually have in your application for the member's table password.
>>>>
>>>>
>>>>I'd go for at least 6 chars. You can ask for eg at least one upper case char, two lower case, one digit, .. Such a test is easily done with a Regex
>>>
>>>Just vaguely wondering about the maths of password strength. Say you have a simple two character password. If you stipulate that one must upper case and one must be lower case then you are actually reducing the number of available combinations to 26x26 rather than the 52x52 which would otherwise apply :-}
>>
>>
>>
>>In that case (one upper and one lower) there are 26 * 26 * 2 possibilities ( or 52 * 26) since you can start with either upper case or lower case
>
>But still not as many as if 2 lower or two upper were also allowed.


True - but if you say at least 6, with at least one lower case and at least one upper case, then the possibilities of two (out of the 6) chars are reduced to 26. And you still have to figure out where they are