Why Have Password Rules?

April 22, 2013

Starting this week we’ll be upgrading our customers who use datAvenger Pro 5 to our latest version, dA Pro 5.3. One of the more visible new features of this update is an even higher level of security for user account information. While this is a good thing for everyone, it might seem like more of an annoyance than a benefit at face value for our users, and I wanted to take a little time and explain why we’re making the change.

The Sephone Password Policy

We’re beginning to enforce our Sephone Password Policy for user accounts in datAvenger Pro, and we’ll expand these requirements to our other products in the future. Alan covered some of the basics of password security in a post from last year, and our official Sephone policy is very similar to what he suggests in that post. We’ll be enforcing the following requirements for passwords:

  • At least 8 characters long
  • At least one lower-case letter
  • At least one upper-case letter
  • At least one number

Of course, you can make your password as long as you like, and you can use special characters like %, #, and * to make your password even more secure. Every user password needs to adhere to at least the rules we’ve listed, though.

Because we already encrypt passwords for user accounts, we can’t read your existing password back to check whether it meets these rules. When you log into one of our services that includes these new password requirements, you may be prompted to re-enter your password to make sure it’s acceptable.
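One way to apply the four rules to existing accounts, shown here as an added example that is not Sephone's code: since only a one-way form of the password is stored, the policy check runs at login, when the typed password is available. The salted PBKDF2 storage, the function names and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8  # from the policy list above


def policy_violations(password):
    """Return the policy rules the password fails (empty list = compliant)."""
    checks = [
        (len(password) >= MIN_LENGTH, "at least 8 characters"),
        (any(c.islower() for c in password), "a lower-case letter"),
        (any(c.isupper() for c in password), "an upper-case letter"),
        (any(c.isdecimal() for c in password), "a number"),
    ]
    return [rule for ok, rule in checks if not ok]


def hash_password(password, salt=None):
    """Assumed storage format: per-user random salt plus PBKDF2-SHA256 digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def login(stored, password):
    """Verify the password, then check the policy while the plaintext is in hand.

    Returns (authenticated, violations). A non-empty violations list means the
    user logged in correctly but must choose a new password.
    """
    salt, digest = stored
    _, candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, digest):
        return False, []  # never report policy details for a wrong password
    return True, policy_violations(password)


if __name__ == "__main__":
    # Constructed sample account created before the policy existed.
    old_account = hash_password("rover")
    print(login(old_account, "rover"))
    print(login(old_account, "not-the-password"))
    print(policy_violations("Tbw2ptfi2ii"))
```

Policy results are returned only after the password verifies, so a failed login reveals nothing about which rules the real password does or does not meet.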

The reasons behind the change

We know that remembering strong passwords can be tough. You may be asking, “Why can’t I just use the name of my dog?”

You’ve probably heard news about accounts on major online sites being hacked lately. Malicious hackers can use programs that check for commonly-used passwords or passwords that are simply English words (something known as a dictionary attack). Once they’ve been able to log into an account, they can deface a site, or if they’re feeling particularly nasty, they can try to gain access to the server or the contents of the database.

These new, more stringent password rules make it tougher for anyone to crack a password and gain access to your administration area. Combined with some upgrades behind the scenes that make your account even more secure, we’re doing everything we can to make sure your site is safe.

If you’re really struggling to create a new password, try this: think of a sentence or quote that you’ll remember, and use the first letter of each word as your password. If you wanted to use one of my favorite quotes from computer scientist Alan Kay, for instance – “The best way to predict the future is to invent it” – your password could be Tbw2ptfi2ii. (Use a different quote that you’d remember, of course!)


Justin is a web and mobile developer at Sephone. He's interested in user-driven design, social media, and web services. He also enjoys learning and exploring new ways for businesses and people to use the web.
