31

PSA: I'm confused why we still push for crazy password complexity over simple length

Every security guide says to use mixes of symbols, caps, and numbers in passwords. But a long, easy-to-remember phrase like 'correcthorsebatterystaple' is actually stronger against attacks. Why do most tips ignore this and make people create hard-to-recall junk? It feels like we're missing the point of actual security.
3 comments

the_andrew 2mo ago
Ugh, tell me about it. My old bank forced a 10-character max with three symbol types. I just mashed the keyboard and had to write it down, which is way less safe. Now I use a 20-word passphrase for my password manager and it's so much easier. The old rules just make people reuse simple passwords everywhere.
6
green.grant
My buddy Matt had a password with all the symbols and caps, totally forgot it last week and got locked out of his own project. Had to spend an hour on a reset, all for a bank that still limits it to 12 characters... feels backwards.
3
mila631 2mo ago
What's the bank's excuse when people ask about the 12-character limit? Do they actually give a security reason, or is it just some old system they won't update?
5