What's a reasonable minimum max password length? I've always fallen back on the Wikipedia Password strength article [0], for the NIST recommendation that 80 bits is sufficient entropy. I imagine that attack vectors other than password strength are for the most part going to be the killer issue. (heartbleed, MITM attacks, rubber hose, tempest, etc...)
Assuming that we're talking about purely randomly generated passwords, the entropy of passwords generated to fit in at least a few of the cases in the the original article should be fine. The UX factors are annoying however. This is an area where consistency would assist conformance.
Assuming that we're talking about purely randomly generated passwords, the entropy of passwords generated to fit in at least a few of the cases in the the original article should be fine. The UX factors are annoying however. This is an area where consistency would assist conformance.
[0] https://en.wikipedia.org/wiki/Password_strength#Bit_strength...