Hello,
I have 2 suggestions, both of them pretty standard and something I find unusual to not already be implemented...
- Include password requirements in the registration page
I just signed up for an account and registered using a typical password: long and complicated, with plenty of symbols and random characters.
Code:
lE&w6Sc|zAJCf)>t&M$JHS0y~HSt#x=<?;-zfV[nuXHbo>OY6%TWis<z,[y9
However, unknown to me, my account would be created successfully, but I'd be unable to actually log in with my password. I ended up exceeding my limit of 5 attempts, waited 15 minutes, tried again, failed, and then reset my password. I figured I must have messed up the registration, so I tried changing my password, which worked, but once again I was locked out of my account and had to do another password reset.
For anyone who uses a password manager, a password like this is typical. I don't know of many sites that don't mention password requirements, or at least throw an error if your password is invalid. I haven't bothered to change it again since I have no idea what my limits are.
- Provide a dedicated login page with a unique title/slug
Lots of password managers (KeePass in my case) rely on a unique title/URL to know when you are on the login page of a certain site and then either fill in the login form or allow for reliable auto-typing.
I've been unable to find a dedicated login page to register with KeePass, so I have to use a wildcard (*) to match all pages on the domain. It's not a deal-breaker, but I know it's not very difficult to edit the title of an HTML template or just add a new page for login.php that presents a basic login form.