Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
All of those things can be verified before storing the password in any way, encrypted or not, and checking them would be a requisite before storing it.
While it’s true that they don’t have a significant impact on the hash generated, they make it significantly more difficult for anyone to guess your password. It’s much easier to guess password321 than something like Or^9L%u&QQ12XxI@. And that has nothing to do with how the password is ultimately stored.
Of course, requiring at least one symbol or upper case letter etc is a good idea, along with a minimum length. Many websites won’t let you use a password longer than a certain amount of characters. The only reason for that limitation is that they are storing the database field as plaintext, and anything longer will not fit into that column.
All of those things can be verified before storing the password in any way, encrypted or not, and checking them would be a requisite before storing it.
While it’s true that they don’t have a significant impact on the hash generated, they make it significantly more difficult for anyone to guess your password. It’s much easier to guess
password321
than something likeOr^9L%u&QQ12XxI@
. And that has nothing to do with how the password is ultimately stored.Of course, requiring at least one symbol or upper case letter etc is a good idea, along with a minimum length. Many websites won’t let you use a password longer than a certain amount of characters. The only reason for that limitation is that they are storing the database field as plaintext, and anything longer will not fit into that column.