Why you shouldn’t have a password policy

A story of one man’s battle with password “strength” requirements.

  • User starts with “letmein”
  • App says “Password must include a capital letter”
  • User enters “Letmein”
  • App says “Password must include a number”
  • User enters “Letmein1”
  • App says “Password must include a special character”
  • User enters “Letmein1!”

Instead of forcing users into a password that is hard for them to remember but easy for machines to attack, encourage good practices such as using a password manager like LastPass, and promote the use of a passphrase rather than a password.
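The story above replayed in code, as an added example that is not part of the original post: the composition rules accept “Letmein1!” and turn away a long passphrase, while a length-plus-blocklist check does the opposite. The blocklist contents, the 12-character minimum, the sample passphrase and the function names are assumptions made for this example.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list
# of known-common passwords (assumption, not from the original post).
COMMON = {"letmein", "password", "qwerty", "welcome"}
MIN_LENGTH = 12  # assumed threshold for this example

def composition_policy(pw):
    """The rules from the story: return the first complaint, or None if accepted."""
    if not re.search(r"[A-Z]", pw):
        return "Password must include a capital letter"
    if not re.search(r"[0-9]", pw):
        return "Password must include a number"
    if not re.search(r"[^A-Za-z0-9]", pw):
        return "Password must include a special character"
    return None

def base_word(pw):
    """Undo the usual decorations: lowercase, drop leading/trailing digits and symbols."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())

def length_blocklist_policy(pw):
    """Hypothetical alternative: no character-class rules, only a blocklist and length."""
    if pw.lower() in COMMON or base_word(pw) in COMMON:
        return "Password is a common password with decorations"
    if len(pw) < MIN_LENGTH:
        return f"Use at least {MIN_LENGTH} characters, e.g. a passphrase"
    return None

def replay_story():
    """Feed the story's attempts, plus a constructed passphrase, through both checks."""
    attempts = ["letmein", "Letmein", "Letmein1", "Letmein1!",
                "purple tractor sings at midnight"]
    return [(a, composition_policy(a), length_blocklist_policy(a)) for a in attempts]

if __name__ == "__main__":
    for attempt, old, new in replay_story():
        print(f"{attempt!r:36} composition: {old or 'ACCEPTED':44} alternative: {new or 'ACCEPTED'}")
```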
