Hacker News
Why you don't need long, complex passwords (infoworld.com)
2 points by cpeterso on Sept 7, 2014 | 2 comments



Was it just me, or at least on the first page, there wasn't much here of substance? Felt very click-baity.

The grain of truth is that of course, complexity requirements can be outdated advice given social engineering (particularly password reset) and password reuse. But I would draw a line at not caring how passwords are stored. And ultimately, attackers go for the weakest link they can perceive. The first company to suggest that, like libraries, PIN numbers with default values are good enough, will be the first to have random, brute force attacks against them succeed. Unless you change the game entirely, such as by requiring two-factor authentication, a random password is still required to protect from unauthorized account access and I don't see that advice changing anytime soon. It's even easier now that such random characters can be generated by apps and browsers. Of course, such password stores might in turn be the next targets, but malware has yet to make a large dent in iOS, as far as I can tell. Let's hope we're a long way off from fake cell towers...


One slight problem with the article is that its author thinks that "Tr0ub4dor83" and its ilk is a long and complex password. It isn't; rather, "correct horse battery staple" is the start of a long and complex password.

XKCD 936 and all that.

Systems should stop requiring users to enter passwords that have "at least one digit, both upper and lower case, and at least one symbol". Or, at least, that should only be imposed on passwords that are short, like less than 30 characters. The limits on password length should be very generous: into the hundreds of characters.
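As an added illustration (not code from either commenter or from the article), the policy sketched in this comment can be written down directly: composition rules apply only below a length threshold, the maximum length is generous, and strength is estimated with the XKCD 936 passphrase model (words drawn uniformly from a list, so a 4-word phrase from a 2048-word list gives 44 bits). The 30-character threshold and 512-character cap, the character-class sizes, and the tiny word list are assumptions chosen here, not values from the page; the word list is a constructed stand-in for a real diceware-style list.

```python
import math
import secrets

# Constructed stand-in for a real diceware-style list (thousands of words).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "cloud", "river", "window", "pencil"]


def passphrase_entropy_bits(word_count, list_size):
    """XKCD 936 model: words chosen uniformly at random from a list of
    `list_size` words, so each word contributes log2(list_size) bits."""
    return word_count * math.log2(list_size)


def charset_entropy_bits(password):
    """Upper bound for a string chosen uniformly at random over the character
    classes it uses (26 lower, 26 upper, 10 digits, 33 printable ASCII
    symbols). Only meaningful for random strings: a mangled dictionary
    word such as Tr0ub4dor83 is far weaker than this figure suggests."""
    classes = 0
    if any(c.islower() for c in password):
        classes += 26
    if any(c.isupper() for c in password):
        classes += 26
    if any(c.isdigit() for c in password):
        classes += 10
    if any(not c.isalnum() for c in password):
        classes += 33  # assumption: 95 printable ASCII minus 62 alphanumerics
    return len(password) * math.log2(classes) if classes else 0.0


def check_policy(password, complexity_threshold=30, max_length=512):
    """Policy from the comment: composition rules only for short passwords,
    a generous maximum length. Threshold and cap are assumed values.
    Returns (accepted, reason)."""
    if len(password) > max_length:
        return False, "exceeds maximum length"
    if len(password) >= complexity_threshold:
        return True, "long password accepted without composition rules"
    present = {
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    missing = [name for name, ok in present.items() if not ok]
    if missing:
        return False, "short password missing: " + ", ".join(missing)
    return True, "short password meets composition rules"


def generate_passphrase(word_count=4, words=SAMPLE_WORDS):
    """Draw words with the CSPRNG so the entropy estimate above holds."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    for pw in ("Tr0ub4dor83", "correct horse battery staple",
               "correct horse battery staple indeed"):
        print(pw, check_policy(pw), round(charset_entropy_bits(pw), 1))
    print("4 words from 2048:", passphrase_entropy_bits(4, 2048), "bits")
```

Note that "correct horse battery staple" is 28 characters, so under a 30-character threshold it is still subject to composition rules and would be rejected; the threshold is exactly the kind of tunable the comment leaves open, and the entropy estimate, not the length alone, is what a policy should care about.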



