Hey, I love this project… but team, this is a mega fail on the password requirements on the Daedalus wallet. Requiring an uppercase, lowercase, a number, etc. is provably less secure than just a long sequence of random words… It is a relatively small thing, but it kind of creates some cognitive dissonance for me since my understanding is that the entire point of this project is that it is peer reviewed by the scientific community etc.
Someone on the team should read this and then the obvious question becomes why enforce a provably less secure password requirement. Sure, a decade ago this was probably a decent heuristic, but even Forbes is writing about this stuff now.
I would much prefer to have an easy to remember, very secure password, than a hard to remember relatively speaking less secure password. It just doesn’t make sense.
I’m not expecting this to get changed, but I was mostly just REALLY surprised. This is an $18B cryptography project and this is kind of like first year undergrad college crypto 101…
Love to hear any thoughts here.
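The comparison raised in the post above, as an added example that is not part of the original post and is not Daedalus code: it checks sample passwords against a composition rule and estimates the entropy of the process that generated each one. The rule's minimum length of 7, the 20,000-word attacker dictionary, and the sample strings are assumptions constructed for illustration; 7,776 is the size of the standard Diceware word list.

```python
import math
import re

def passes_composition_rule(pw: str, min_len: int = 7) -> bool:
    """Hypothetical rule modelled on the post: uppercase + lowercase + digit.
    The minimum length is an assumption, not taken from the wallet."""
    return (len(pw) >= min_len
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def generation_bits(options: int, picks: int) -> float:
    """Entropy in bits of `picks` independent, uniform choices among `options`.
    Entropy describes how a password was generated, not the string itself."""
    return picks * math.log2(options)

# Constructed samples: (label, example string, options per pick, number of picks)
SAMPLES = [
    # Human pattern: one dictionary word, capitalised, plus one trailing digit.
    # Assumes an attacker dictionary of 20,000 words x 10 digits.
    ("capitalised word + digit", "Password1", 20_000 * 10, 1),
    # 8 characters drawn uniformly from [A-Za-z0-9] (62 symbols).
    ("8 random alphanumerics", "k3Tq9ZbP", 62, 8),
    # 6 words drawn uniformly from a 7,776-word Diceware-style list.
    ("6 random words", "tidal mango crisp vault ember lunar", 7776, 6),
]

def compare(samples=SAMPLES):
    """Return (label, accepted_by_rule, entropy_bits) for each sample."""
    return [(label, passes_composition_rule(pw), round(generation_bits(n, k), 1))
            for label, pw, n, k in samples]

if __name__ == "__main__":
    for label, accepted, bits in compare():
        verdict = "accepted" if accepted else "rejected"
        print(f"{label:26} {verdict:9} ~{bits} bits")
```

The rule accepts the guessable pattern and rejects the six-word passphrase, which has the highest generation entropy of the three; a policy based on minimum length (and a breached-password check) would not have that inversion.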