Comment Over-engineering a fix (Score 1) 277
The worst part is the response to this kind of thing... Propeller-heads around the world will set their Password Service to require more complex content, such as 14 punctuation marks, etc.
Personally, as a published expert on this subject, I think that is the worst thing to do. The problem is, that as more sites "tighten" to stronger content, people start to write them down and that's far worse... Lose the little black book or the iPhone and everything is gone. Make your rules that much more complex and suddenly the patterns people have been using for years (patterns, not always values) no longer work, forcing the "backup" system to memorizing it.
The other thing is that some sites simply need to get over themselves... A donut shop need not require 16 character passwords, email confirmation and CAPTCHA just to get info about the latest sales...
To paraphrase somebody else: Passwords are a horrible form of authentication, just better than everything else [for typical uses].