Password complexity rules greatly decrease my password security, that's for sure. Left to my own devices I'd use a 17 digit alphanumeric string that I can easily remember despite it being complete gibberish and effectovely unbrute-forcible.
But with arbitrary complexity rules...it's too long and ermagerd no capital letters? Not allowed! And it needs to change frequently, so now I have to rotate through bad passwords in the vein of Password1, Password2, rinse and repeat and sticky note...
Password complexity rules greatly decrease my password security, that's for sure. Left to my own devices I'd use a 17 digit alphanumeric string that I can easily remember despite it being complete gibberish and effectovely unbrute-forcible.
But with arbitrary complexity rules...it's too long and ermagerd no capital letters? Not allowed! And it needs to change frequently, so now I have to rotate through bad passwords in the vein of Password1, Password2, rinse and repeat and sticky note...
(post is archived)