"A secure password includes punctuation marks and numbers, mixes uppercase and lowercase letters, does not contain any meaningful words, and is as many characters long as possible."
Yeah, bollocks to that. Who is going to remember that random garbage? This sort of requirement practically forces users into bad security practices. Especially at work, this security guff gets in the way of people doing their jobs, so working around the system becomes second nature.
No. Instead we should worry about other risks, such as users sharing their passwords.
"A secure password includes punctuation, numbers, uppercase and lowercase letters, and at least one expletive."
This closes off the entire avenue of social engineering attacks for a large proportion of the population, and significantly reduces it for much of the rest. For example, you can tell people that no representative will ever ask for their password, but they'll still give it away in an unguarded moment. But they may think twice if it's obscene.
-- Loris, Sep 29 2014
http://xkcd.com/936/ This is not actually secure. [MechE, Sep 29 2014]
: ] http://www.dailymot...-comic-standing_fun From 1:00 on [2 fries shy of a happy meal, Sep 29 2014]
I would suggest an embarrassing secret is going to be much more secure than profanity.
-- MechE, Sep 29 2014
This idea is ecumenical in that respect. It just has to be something you wouldn't say to other people.
-- Loris, Sep 29 2014
In 1985, my first password was my fetish on the grounds that if I trusted anyone enough to get them to know what it was, I would trust them enough for them to know my password. [+].
-- nineteenthly, Sep 29 2014
Baked by Ian Watkins (sex offender / Lostprophets singer) whose laptop password was along the lines of "Ifuckkidz"
-- calum, Sep 29 2014
I wouldn't say any of my passwords to other people, as most of them don't make sense. I use a password formula that any hacker could probably figure out, and yes, my Facebook password has a-s-s in it...
-- xandram, Sep 29 2014
I had a lecture by some forensic investigators. They spent hours trying to crack a laptop password with various software devices. Out of frustration they tried "fuck" and it ended up working.
-- bob, Sep 29 2014
//out of frustration they tried "fuck" and it ended up working//
Presumably their frustration was based upon their own inability to do the sort of basic forensic work that could easily be accomplished by a moderately smart 14yo with access to Google?
-- bs0u0155, Sep 29 2014
//It just has to be something you wouldn't say to other people.//
What, like "Hey NMRM, that's a great idea, have a bun".
-- not_morrison_rm, Sep 29 2014
Nice idea. Sort of like making your password an implicit threat such as itrackandkillhackers4fun
-- rcarty, Sep 29 2014
If I'm forced to follow stupid overly-restrictive password rules, I will make the password a swear-filled rant about those rules.
-- sninctown, Sep 30 2014
Incidentally, it occurred to me that if your password was something like "Fuck you, pigs" then it would be satisfying to write on the form when you're served under a key disclosure law.
-- Loris, Sep 30 2014
I work on systems which don't allow me to set my own password. Instead, periodically I will be told that my password needs to be changed and, when this happens, I am given a choice of three nonsense words, randomly generated with rules to ensure they are (just) pronounceable. I always choose the one that sounds rudest.
-- hippo, Sep 30 2014
Ho hum, 10 x 10 word grid, you make a sentence, you get the password that corresponds to the sentence you just made, from the pre-generated 10 billion passwords, each password is 15 plus random chars. You don't have to remember the password, just the sentence.
I got bored and made that, but no one was interested, so gave up.
-- not_morrison_rm, Sep 30 2014
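
The 10 x 10 grid scheme from the last annotation, sketched as an added example (not code from the thread or from not_morrison_rm's implementation). The nonsense grid words, the per-user secret and the function names are assumptions, and the password is derived with HMAC-SHA256 rather than looked up in a pre-generated table of 10 billion entries.

```python
import base64
import hashlib
import hmac
import math

# Constructed grid: row i lists the ten words allowed at position i of the sentence.
PREFIXES = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi", "no", "pu"]
SUFFIXES = ["b", "d", "f", "g", "k", "l", "m", "n", "r", "s"]
GRID = [[p + s for s in SUFFIXES] for p in PREFIXES]


def sentence_to_index(words):
    """Map a 10-word sentence to its number in 0 .. 10**10 - 1."""
    if len(words) != len(GRID):
        raise ValueError("sentence must use exactly one word per row")
    index = 0
    for row, word in zip(GRID, words):
        if word not in row:
            raise ValueError(f"{word!r} is not in this row of the grid")
        index = index * len(row) + row.index(word)
    return index


def derive_password(words, secret, length=16):
    """Derive the password for a sentence from a per-user secret (assumed)."""
    msg = str(sentence_to_index(words)).encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # Base85 gives letters, digits and punctuation; 32 bytes encode to 40 chars.
    return base64.b85encode(digest).decode()[:length]


def sentence_space_bits():
    """Entropy of the choice the user actually makes: log2(10**10)."""
    return math.log2(math.prod(len(row) for row in GRID))


def apparent_bits(length=16):
    """Entropy the password would have if all 85 symbols were chosen freely."""
    return length * math.log2(85)


if __name__ == "__main__":
    sentence = [row[3] for row in GRID]  # constructed sample sentence
    print(derive_password(sentence, b"constructed-demo-secret"))
    print(round(sentence_space_bits(), 1), "bits chosen,",
          round(apparent_bits(), 1), "bits apparent")
```

The output looks like 16 unconstrained symbols, but its strength is capped by the sentence space of about 33 bits once the grid and the secret (or the pre-generated table) are known, so the secret has to be protected as carefully as the password itself.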