I'm building a login interface for an e-commerce website and part of it is a password field.

I wonder how many characters are recommended as a minimum required that will be secure enough but will not be too heavy on the user?

Also, what will be the best decrypted way to use? (MD5 or others)

Lior Elrom
  • Use bcrypt to hash your passwords and the minimum length becomes less of an issue. Personally I enforce 6 chars minimum - but the fact that I've just given you my personal opinion should show why I'm voting to close this as Not Constructive. Take a look at http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php – DaveRandom Apr 15 '13 at 14:14
  • See also [this answer](http://stackoverflow.com/questions/10916284/how-to-encrypt-decrypt-data-in-php/10945097#10945097) – Ja͢ck Apr 15 '13 at 14:15
  • @Jack: encryption != hashing. You hash passwords, not encrypt them. – Madara's Ghost Apr 15 '13 at 14:17
  • Instead of a "minimum required" field, why not use a weak-medium-strong indicator? That way you don't get in the way of a sale, but do reward good password behavior. – Mike Robinson Apr 15 '13 at 14:17
  • To store the password, [use bcrypt](http://codahale.com/how-to-safely-store-a-password/). The password length is IMO mostly irrelevant: `zR2@1!` will probably be more secure than `password123` even if it's much shorter. – Schnouki Apr 15 '13 at 14:18
  • @MadaraUchiha My answer also discusses hashing of passwords. So I'm advertising my answer a little ... :) – Ja͢ck Apr 15 '13 at 14:18
  • Thanks a lot! I'll use your suggestion in my website. – Lior Elrom Apr 15 '13 at 14:19
  • If you're handling people's money, and you're not an expert in this field, please consider using an existing framework for managing user accounts rather than writing your own - usercake, PEAR, whatever. This is a very expensive area to make mistakes in... – Neville Kuyt Apr 15 '13 at 14:56
  • Thanks for your advice. I'm using CodeIgniter. – Lior Elrom Apr 15 '13 at 15:01
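
The bcrypt approach the comments recommend, sketched with PHP's built-in `password_hash` API (PHP 7.1+) as an added example; it is not code from any participant in the thread. The cost of 12, the tiny deny-list and the function names are assumptions, and the 6-character minimum is only the figure one comment mentions.

```php
<?php
const MIN_LENGTH       = 6;   // figure mentioned in the comments; adjust to your policy
const BCRYPT_COST      = 12;  // assumption: tune so one hash takes a noticeable fraction of a second
const BCRYPT_MAX_BYTES = 72;  // bcrypt ignores input beyond 72 bytes
// Constructed sample deny-list; a real one would hold many thousands of entries.
const COMMON_PASSWORDS = ['password123', '123456', 'qwerty', 'letmein'];

/** Returns null when the password is acceptable, otherwise a short reason. */
function password_policy_error(string $password): ?string
{
    if (strlen($password) < MIN_LENGTH) {
        return 'too short';
    }
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        return 'longer than bcrypt can use';  // reject rather than silently truncate
    }
    if (in_array(strtolower($password), COMMON_PASSWORDS, true)) {
        return 'too common';                  // length alone does not make it strong
    }
    return null;
}

/** Hash for storage: bcrypt, with a random salt and the cost embedded in the result. */
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

/** Check a login attempt; returns [bool $ok, ?string $replacementHash]. */
function check_login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // If the stored hash was made with an older cost, upgrade it while we hold the plaintext.
    $options = ['cost' => BCRYPT_COST];
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return [true, $newHash];
}

// Usage with constructed values.
$stored = hash_new_password('zR2@1!');
var_dump(password_policy_error('zR2@1!'));       // short but not on the deny-list
var_dump(password_policy_error('password123'));  // longer but rejected as common
var_dump(check_login('zR2@1!', $stored)[0], check_login('wrong-guess', $stored)[0]);
```

Store the returned string in a column of at least 60 characters; it already carries the algorithm, cost and salt, so no separate salt column is needed.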
