3
A senior engineer told me my password policy was too strict
He said forcing 20-character random passwords just made everyone write them on sticky notes, so I switched to passphrases like 'correct-horse-battery-staple' style combos instead. Has anyone else found that simpler rules actually improve security compliance?
3 comments
Log in to join the discussion
Log In3 Comments
craig.sage1mo ago
Is sticky-note chaos really that big of a deal for most companies though?
9
veram991mo ago
Oh yeah, sticky-note chaos is a HUGE deal in my experience. I've seen whole projects go off the rails because someone's "brilliant idea" on a yellow square got lost under a coffee mug or fell behind a desk and nobody noticed for a month. The worst was when a team spent two weeks trying to find a key customer request that was written on a neon pink sticky and had somehow ended up stuck to the back of a filing cabinet. Your mileage may vary, but for any company that actually relies on quick brainstorming or meeting notes, that stuff turns into a real mess fast.
8
kai_park1mo ago
See sticky notes EVERYWHERE at my last job. It was a nightmare. People had them on monitors, under keyboards, taped to desks. Made the whole password thing basically pointless. Switched to passphrases and the compliance actually went UP. Simple really does win here.
3