Don't require 10 characters as min password length in a dev forums


Seriously, my bank only requires 6, why make it so complex for a developer forum?


Sorry if this is inconvenience, but we choose this for a few reasons.

First, the Okta Developer Forum is built on Discourse, which defaults user password requirements to 10 characters in length.

If you’re asking why we kept this default, I would strongly recommend reading the following:

I believe the larger issue here is that your bank is requiring only 6 characters. NIST recommends memorized secrets (passwords) be at least 8 characters in length.


But we’re talking a developer forum. Not a lot of sites require 10 chars, sites that could do a lot more harm to a person than a forum. I think there is a time and a place for requiring long passwords, IMHO a developer forum is not it. I tend to agree that a bank should perhaps require longer (but they do a validation code to cell phone so that compensates).