What should I consider to be an invalid password?

Krizalidfx

New Member
When users are choosing a password for my application, what restrictions should I apply, if any, and what should I consider to be an invalid password?For example, I have read about trimming off whitespace, restricting only to ASCII characters, etc, but these seem to be opinions or application dependant.I am aware of forcing requirements on passwords such as a minimum of two symbols, two numbers, etc. but I am more interested in what restrictions I should apply.
 
Back
Top