For passwords I would accept anything the user can type. Ideally you'll be hashing it before storing it anyway.
Let them make it an entire sentence if they wish. You may involve certain minimum requirements, like must contain an upper case character, or must contain at least one number, must be 6+ characters in length.
Lately I've ran into a few places I started to sign up to, and gave up. Why? The password. They wanted 6-8 characters in length (9 is too long), containing at least one upper case character, and one number. 9, 10, 12 or more characters, and I could have came up with something I can remember that contained a upper case character and a number. With exactly 6-8 characters, I couldn't come up with anything I thought both complex enough, yet easy enough to remember that I wouldn't have to resort to writing it on a sticky note and attaching it to my monitor.
Update: clarified I was commenting about passwords.
In reply to Re: What are acceptable web user id & password?
by cowboy
in thread What are acceptable web user id & password?
by tariqahsan
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |