

Over Constrained Passwords - aaronsnoswell
http://elucidatedbinary.com/2012/09/over-constrained-paswords/

======
dwj
I guess Apple must have changed things recently. My Apple password is a
6-letter dictionary word with a '1' at the end (the same insecure password I
use for all sites I don't really give a shit about). They haven't asked me to
change it yet.

I basically have 2 passwords: secure (for bank accounts) and insecure (for
everything else) that I use for all sites except the root password of my
server (which I have a set of random chars that I have memorized). I agree
it's ridiculous forcing people to have a convoluted password, as they'll need
to write it down to remember it. And if your site is properly designed, having
a dictionary/short word as a password shouldn't matter. Apple seem to have
gone from ridulously lax security to ridiculously over-the-top after their
recent gongshow.

And before anyone flames me I do know wtf I'm talking about. I wrote brute
force passwd file crackers 20 years ago, and got all the root passwords at
school/university by writing packet sniffers.

