Why does nobody talk about how bad the 'strong password' advice really is?

I was setting up a new account for my bank last week and their system forced me to create a password with a capital letter, a number, and a special character. I thought that was the right way, but then I read a report from a security group in Austin. They said those rules actually make people create predictable, easy-to-crack passwords like 'Password1!'. The real tip is to use a long, random phrase you can remember. Has anyone else switched to using passphrases instead?

3 comments

3 Comments

quinn_reed1713d ago

The worst part is when sites block pasting from a password manager. It forces you to type out a complex password in plain sight.

max_brown12d ago

Just makes you want to leave the site honestly.

shanef3412d ago

Exactly. It's like the rules are made by people who don't use the internet. They force these weird combos that are hard for humans but easy for bots to guess. @max_brown is right, it just makes you want to quit. You see it everywhere, from banks to your local gym sign-up. They focus on the wrong thing, making you jump through hoops instead of letting you make a actually strong, long password. It's security theater.