I'm debating whether I should require Pass-Phrases on my new website.

Currently a Password must be...
Code:
- 8 to 15 Characters
- At least one Uppercase
- At least one Lowercase
- At least one Number
- At least one Special Character

My concern is that if I make things to difficult for people, they simply won't become Members?!

(Let's face it, not long ago most users struggled coming up with simple 6-8 character alphanumeric Passwords!!)


Would it make sense to leave my Password requirements as-is, and then maybe do some articles and "member education" before then forcing people to create Pass-Phrases??

Also, is the question, "How difficult must the Pass-Phrases be?"

Some research shows that even Pass-Phrases aren't all that secure.



Ideally, I would like to require the following...

Pass-Phrases Requirements:
Code:
- 15 to 40 Characters
- At least one Uppercase
- At least one Lowercase
- At least one Number
- At least one Special Character

Is that asking too much for the average user??


If I am going to make the switch, I'd just assume do it now before I am done Testing my website. But as mentioned above, I'd hate to make things too technical and difficult and scare everyone away!!

Suggestions?


Debbie