Discussion on: 10 best practices to protect your users’ data (and why they’re still not sufficient)

tisnard profile image
Timothee Isnard

Completely agreed on annoying password policies, but I think it's important to balance that with helping users who manage to reliably top the bad password lists!

I'd encourage websites who want to go the extra mile to integrate with the "Pwned Passwords" API of HaveIBeenPwned.com and high-quality password strength estimators like zxcvbn instead.