Came here to ask this exact question. If you know the constraints on the password string, it should be much easier to brute force 8 characters.
Broad requirements like password length is fine. Requiring a range of characters, letters, and special characters would make a brute force attack harder. Requirements like no consecutive letters or repeated letters seems to weaken the password. Why would this be a good idea?
200
u/Dyschord Mar 08 '16
Came here to ask this exact question. If you know the constraints on the password string, it should be much easier to brute force 8 characters.
Broad requirements like password length is fine. Requiring a range of characters, letters, and special characters would make a brute force attack harder. Requirements like no consecutive letters or repeated letters seems to weaken the password. Why would this be a good idea?