At Forem, you might have seen some recent updates to our sign-in flow.
We're working to make it empower communities to provide whichever authentication methods best serve their needs — whether that is social authentication (Twitter, Google, Facebook, etc.), email and password, or both. We've typically leaned towards encouraging people to sign up using social authentication because 1) that doesn't require storing passwords on our end and 2) we think that requiring social auth prevents spam and harassers from proliferating on our platform. But it's not enough just to provide social OAuth as an option: some communities and people want to sign up with a good ole email and password.
How do we build out email/password authentication while ensuring that we mitigate as much spam and harassment as possible? Ideally, we'd want people to create and store their passwords with a password manager. But in the more common case where people don't want to use a password manager, how can we nudge them to create secure passwords? Here's where this idea comes in:
- What is your general feedback on the video you see?
- We're thinking that a 10-character minimum is ideal. What are your thoughts here?
- Should requiring numbers, lowercase and uppercase characters, and symbols be part of our requirements?