Current C10 password complexity rules require; 1 uppercase letter, 1 number, 1 special character, and 8 - 20 characters in length.
Whereas "passphrases" (often, short sentences) are frequently 30+ characters long, always include spaces, and rarely include numbers.
Example:
This meaningless passphrase, "Probing whomever doornail abruptly coast.", is arguably quite difficult to break. But with current C10 password rules; it is illegal because it is too long, it contains spaces, and it does not include a number.
So this enhancement request is that C10 password complexity rules be improved to support passphrases which:
-
Require no less than 10 characters
-
Allow up to 50 characters
-
Support embedded spaces
-
Require 1 uppercase letter, 1 special character
- And preferably, not require a number
Ref. https://www.useapassphrase.com/ - "Random passphrases provide the best combination of memorability and security."