This seems to be a very complicated topic...

In the past, experts said you should force users to make Complex Passwords like this...

- 8 to 15 Characters
- At least 1 Upper-Case Letter
- At least 1 Lower-Case Letter
- At least 1 Number
- At least 1 Special Character

From what I have read in modern times, experts say that it is safer to force users to create "Pass-Phrases" versus Complex-Passwords, because Password-Length is a larger deciding factor as to whether a Password can get guessed (e.g. "Rainbow Tables")

Of course, if a person's chose, "I like green eggs and ham" that wouldn't be very secure?!

As I prepare for my website to go live, I am still debating what to require for Passwords...

Originally I had the first example above, but this week someone corrected me and said NOT to have a Password-Length Maximum.

What do you think??