One slight problem with the article is that its author thinks that "Tr0ub4dor83" and its ilk is a long and complex password. It isn't; rather, "correct horse battery staple" is the start of a long and complex password.
XKCD 936 and all that.
Systems should stop requiring users to enter passwords that have "at least one digit, both upper and lower case, and at least one symbol". Or, at least, that should only be imposed on passwords that are are short, like less than 30 characters. The limits on password length should be very generous: into the hundreds of characters.
XKCD 936 and all that.
Systems should stop requiring users to enter passwords that have "at least one digit, both upper and lower case, and at least one symbol". Or, at least, that should only be imposed on passwords that are are short, like less than 30 characters. The limits on password length should be very generous: into the hundreds of characters.