Seriously, my bank only requires 6, why make it so complex for a developer forum?
Sorry if this is inconvenience, but we choose this for a few reasons.
First, the Okta Developer Forum is built on Discourse, which defaults user password requirements to
10 characters in length.
If you’re asking why we kept this default, I would strongly recommend reading the following:
I believe the larger issue here is that your bank is requiring only
6 characters. NIST recommends memorized secrets (passwords) be at least
8 characters in length.
But we’re talking a developer forum. Not a lot of sites require 10 chars, sites that could do a lot more harm to a person than a forum. I think there is a time and a place for requiring long passwords, IMHO a developer forum is not it. I tend to agree that a bank should perhaps require longer (but they do a validation code to cell phone so that compensates).