Passwords That Are Simple — and Safe

TravisTR submitted a story that talks about simpler passwords. I don't think anyone disagrees that having elaborate rules with 20 char passwords requiring mixed cases and symbols and requiring them to change frequently is a pain, but I'm not sure that allowing unique but simpler passwords is a better idea.

Reality Check

[BitZtream]

No one cares enough about your data to steal your password, so long as its not so easy to guess that a random dictionary account gets it real quick than your 3 letter password of 'AAA' is more secure than most 6 letter passwords.

Why? Again, because no one cares about your data. When you have important enough data that the employees really do need to know security, they'll also have enough intelligence to realize they need to be intelligent with their passwords.

The problem with complex passwords is that idiots keep trying to force them on people who don't need complex passwords.

Your password policies should be geared towards the individual security requirements of ... the individuals.

Donna the secretary gets to use 'mydog' as her password, so does Chris the CEO, because he doesn't do anything anyway, he tells someone else to do everything.

Igor the IT guy has strict password requirements, as do most of the accountants which have access to bank accounts directly.

If you have one password policy for your organization, you are indeed retarded unless your organization consists only of yourself.