> Consider that you are just practicing cargo-cult security though.
No, I really am not. But as I didn't describe my reasons, you don't have the context to understand them.
Frankly, if Netflix has 4-character passwords, I would expect it to be relatively easy to compromise their accounts live with a carefully put together campaign. If Netflix gets their username/pw database dumped, I expect we'll see their policy change as the passwords are trivially cracked.
Not only that, putting together a safe & sane password retry system isn't the easiest thing ever, and doing careful fraud detection based on geolocation/IP etc. isn't the easiest thing ever either. Particularly when I don't have someone working full-time on security.
Further, what you also didn't know is that the password strength functions as written have knobs I can adjust if things are too onerous.
So having harder passwords goes a long way towards 'better security' on the account side for little effort.
I would advise you to be more cautious about making unsubstantiated statements based on ignorance in the future.