Here’s what Jeff Atwood, a founder of Stack Overflow, thinks:

Password rules are bullshit.

- They don’t work.
- They heavily penalize your ideal audience, people that use real random password generators. Hey, guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.
- They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.
- Are often wrong, in the sense that they are grossly incomplete and/or insane.

Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.

What do you think?