If I was a bad guy and saw this, I would look for users with many different charaters in long names and brute force them, because there’s a high chance they just removed all characters in their names from the pool to generate a password, making it faster to go through the leftover combinations.
If I was a bad guy and saw this, I would look for users with many different charaters in long names and brute force them, because there’s a high chance they just removed all characters in their names from the pool to generate a password, making it faster to go through the leftover combinations.