
Password complexity rules more annoying, less effective than length ones - shawndumas
http://arstechnica.com/security/2013/06/password-complexity-rules-more-annoying-less-effective-than-length-ones/
======
Afforess
I agree. I have a much, much harder time remembering complex passwords over
longer ones. I can barely remember my SSN, and that's about the length for
complex patterns of numbers/symbols for most people.

Long strings for passwords should be the norm. I have no problems coming up
with 30-50 char long passwords from scenes in my favorite book, Alice in
Wonderland. They aren't ever going to be cracked by a dictionary, they aren't
direct quotes, aren't all the same case, and are unique. (It's much easier to
remember a long string based on each site than it is a random jumble of
letters). I eagerly await the day my bank lets me use longer passwords...

Before anyone suggests a password management tool, I inherently distrust them.
They are a single point of failure.

------
informatimago
Probability to find the substring "fucking" in passwords with complex rule
close to 1.

And indeed complex rule passwords (not the same thing as complex passwords),
WILL be written somewhere.

