When uset types new password which fails the restrictions check, server displays error message, e.g. "Password must be at least 10 characters long".
Instead, user must see all the restrictions BEFORE he|she starts typing new password. And never discover them as result of unsuccessful attempts.
Log in to post a comment.