Espozo wrote:
I'm really not sure as to why these websites are so crazy in how they want your password to be. I made an 8 letter password that nobody would be able to guess, unless they were like some sort of renowned super hacker or something, and then one day, they decided it wasn't good enough and wanted me to put in four numbers too. (Which is annoying, because it's now off from all my other passwords for everything else.) Why do they care so bad? I can't even list one person who'd want to break into my email. Could they get sued or something?
Don't think about you. You're not the only one the service is for. Think about people dumber than you. It is significantly easier to force a "good" password than it is to deal with the support emails from a person who has been "hacked". If someone guesses my password because my password is "password" (which, by the way, is also an 8 letter password), I'm still going to want my account back. I'm going to have to contact Twitter's (or whoever's) support, and some person will have to help me and verify I'm really the owner of the account.
And doing that for just five people is probably more time consuming than the simple string check they had to write to force passwords to be at least slightly harder to guess at random. And it's true that this alone doesn't stop bad passwords, like p455w0rd. But dumb stuff like that can also be filtered out in much less time than the support they'll have to deal with for account compromises.
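As an added example (not part of the original posts), this is roughly what the "simple string check" and the filter for passwords like p455w0rd described above could look like in Python. The deny list, the substitution table and the reading of the site's rule as "8 characters including four digits" are assumptions made for illustration.

```python
import re

# Constructed sample deny list; a real deployment would load a much larger
# list of commonly used passwords.
COMMON_PASSWORDS = {"password", "letmein", "qwertyuiop", "iloveyou"}

# Common character substitutions ("leetspeak") mapped back to letters.
LEET_MAP = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s",
                          "0": "o", "3": "e", "1": "l", "!": "i", "7": "t"})

MIN_LENGTH = 8   # assumed policy value
MIN_DIGITS = 4   # assumed reading of "put in four numbers too"


def meets_composition_rule(password):
    """The kind of rule the site enforces: length plus a digit count."""
    digits = sum(ch.isdigit() for ch in password)
    return len(password) >= MIN_LENGTH and digits >= MIN_DIGITS


def candidates(password):
    """Forms of the password to compare against the deny list."""
    lowered = password.lower()
    # Drop trailing digits/symbols first, so "password1234" reduces to
    # "password" before the digits could be read as letters.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered.translate(LEET_MAP), stripped.translate(LEET_MAP)}


def check_password(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidates(password) & COMMON_PASSWORDS:
        problems.append("common password")
    return problems


if __name__ == "__main__":
    for pw in ["password", "p455w0rd", "password1234", "pass",
               "correct horse battery staple"]:
        print(f"{pw!r}: composition={meets_composition_rule(pw)} "
              f"problems={check_password(pw)}")
```

Note that "password1234" satisfies the composition rule yet is still caught by the deny-list check, which is the gap the second half of the reply points at.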