Comment Re:It could be worse (Score 1) 247
Cutting out so many patterns - what does that leave? How many bits of entropy less?
What if such a policy is in place but randomly allows some exceptions? Then a cracker won't know if such patterns should be tried or not. Allow the patterns with the same probability that they'd have for truly random sequences. It'd be pointless, but in a way that would impress non-technical executives.
For long enough passwords and PINs, it's likely that fewer than half of all possible sequences could be considered patterns of any kind. So, only one bit lost at most. But on a touchtone telephone pad, there aren't that many ways to go after one button, and a lot of sequences might arguably look like patterns. Overzealous pattern prevention, including geometric patterns on the keypad and numbers with meaning or patterns to the digits, along with dainty short passwords, might be a problem. How can this be quantified? Is there a real problem?
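One way to put numbers on the question in the comment above, as an added example that is not part of the original comment: enumerate every PIN of a given length, drop the ones a pattern policy would reject, and compare log2 of the two counts. The three rules (`has_repeat`, `is_arithmetic`, `is_keypad_walk`) are constructed assumptions about what such a policy might ban, not any real product's rule set.

```python
import math
from itertools import product

# Telephone keypad coordinates (row, column) for each digit.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}

def has_repeat(pin):
    """Same digit twice in a row, e.g. 1135 (assumed rule)."""
    return any(a == b for a, b in zip(pin, pin[1:]))

def is_arithmetic(pin):
    """Constant step between digits modulo 10, e.g. 1234, 9876, 2468 (assumed rule)."""
    return len({(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}) == 1

def is_keypad_walk(pin):
    """Every move lands on a neighbouring key, diagonals included, e.g. 1478 (assumed rule)."""
    def adjacent(a, b):
        (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
        return max(abs(r1 - r2), abs(c1 - c2)) == 1
    return all(adjacent(a, b) for a, b in zip(pin, pin[1:]))

def entropy_cost(length, rules):
    """Return (allowed, banned_fraction, bits_lost) for uniformly random PINs."""
    total = 10 ** length
    allowed = sum(1 for digits in product("0123456789", repeat=length)
                  if not any(rule("".join(digits)) for rule in rules))
    # Bits lost = log2(total) - log2(allowed); below 1 while under half are banned.
    return allowed, 1 - allowed / total, math.log2(total / allowed)

if __name__ == "__main__":
    policies = {
        "no adjacent repeats": [has_repeat],
        "repeats + arithmetic runs": [has_repeat, is_arithmetic],
        "all three rules": [has_repeat, is_arithmetic, is_keypad_walk],
    }
    for length in (4, 6):
        for name, rules in policies.items():
            allowed, frac, bits = entropy_cost(length, rules)
            print(f"len={length} {name:27s} allowed={allowed:7d} "
                  f"banned={frac:6.2%} bits lost={bits:.3f}")
```

With all three constructed rules applied to 4-digit PINs, 6044 of 10000 remain, a loss of about 0.73 bits out of roughly 13.3.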