I thought about doing that myself, but didn't. If your main goal is to increase sales and recurring retentions then you have to make things as simple as possible.
Most surfers don't know how to clear out or manage their browser's "auto-complete" or "save password" feature. Change their password every month and they'll never get their login to work again. I have a hard enough time with members who can't remember the username/password they chose themselves.
Could also affect chargebacks. Sometimes a member will just cancel or CB rather than emailing the webmaster for help. And then you have to worry about the Russians cracking your random generator and exposing your entire member base.
I force them to use at least five characters, and don't allow the username "username" or anyones password being "password". Add in a good password management program that blocks dictionary attacks after 15 failures, that's it.
If I were to change anything, it would be to force all lowercase logins, but it is too late to change that on my database. At any given time, I can watch members login and they always try the lowercase version first.
|