Why I Hate Password Rules
The other day, I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used Password Safe to generate this 16-character alphanumeric password:
:s^Twd.J;3hzg=Q~
Which was rejected by the site, because it didn’t meet its password security rules.
It took me a minute to figure out what was wrong with it. The site wanted at least two numbers.
Okay, that’s not really why I don’t like password rules. I don’t like them because they’re all different. Even if someone has a strong password generation system, it is likely that whatever they come up with won’t pass somebody’s ruleset.
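To put a number on how often a strong generator trips over a rule like the one above, here is an added example (not from the original post, and not Password Safe's code). It assumes the generator draws uniformly from the 94 printable ASCII characters; the rule format and function names are hypothetical.

```python
import secrets
import string
from math import comb, log2

# Assumption: the generator draws uniformly from the 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Character classes a site ruleset might count (hypothetical rule format).
CLASSES = {
    "digit": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "symbol": string.punctuation,
}

def meets_rules(password, rules):
    """rules maps a class name to the minimum number of such characters."""
    return all(
        sum(ch in CLASSES[name] for ch in password) >= minimum
        for name, minimum in rules.items()
    )

def p_fewer_than(k, cls, length, alphabet=ALPHABET):
    """Chance a uniformly random password has fewer than k characters of cls."""
    p = sum(ch in CLASSES[cls] for ch in alphabet) / len(alphabet)
    return sum(comb(length, i) * p**i * (1 - p) ** (length - i) for i in range(k))

def generate(length, rules, alphabet=ALPHABET):
    """Rejection sampling: redraw until the rules pass.

    Every accepted password is still equally likely, so the rule only
    removes the rejected fraction of the space.
    """
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_rules(candidate, rules):
            return candidate

def entropy_bits(length, reject_fraction=0.0, alphabet=ALPHABET):
    """Bits of entropy left after a rule rejects reject_fraction of the space."""
    return length * log2(len(alphabet)) + log2(1 - reject_fraction)

if __name__ == "__main__":
    site_rules = {"digit": 2}            # the rule described in the post
    posted = ":s^Twd.J;3hzg=Q~"          # the password shown in the post
    print(meets_rules(posted, site_rules))
    fail = p_fewer_than(2, "digit", 16)
    print(f"{fail:.1%} of random 16-char passwords fail")
    print(f"{entropy_bits(16):.1f} -> {entropy_bits(16, fail):.1f} bits")
    print(generate(16, site_rules))
```

Under that assumption roughly 48% of freshly generated 16-character passwords fail a "two digits" rule, while redrawing until one passes costs less than one bit of entropy.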
Jason • November 16, 2021 6:07 AM
Aren’t long passwords better than short ones (https://xkcd.com/936/)?
I usually use
pwgen -ync 40
to create passwords. But there are quite a few sites/services that don’t want such long passwords or reject special chars.