PasswordSecurity

So, security is supposed to happen when the good guys make you enter a really difficult password to protect something from the bad guys. Then the passwords get so difficult that everybody starts using the same password over and over. And then all the fancy password rules don't matter, because the bad guy copies passwords from the easy-to-hack system to the hard-to-hack system.

My point? If you make it too difficult for a legit user, they will end-run your security attempt a different way. Think more. Make fewer ridiculous rules like this: 15-30 characters; no recognizable words, including substitutions like E=3, 1=l, 0=O, etc.; 2 letters, 2 numbers, 2 upper case, 2 lower case, 2 special characters, etc. Right, make me use a password like 5Tu*ikw0#ks(Nq45, and who is going to try to remember another one that is as difficult?

http://www.tofinosecurity.com/blog/password-reuse-%E2%80%93-control-networks-double-risk


Created by admin. Last Modification: Tuesday 21 of December, 2010 15:03:58 CST by admin.