Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.
Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…
Any service that says I must have a 12 or 14 string password, combined with symbols, numbers and letters.
Do you know why, I have to keep resetting my password, services that have this dumb requirement? Because your fucking requirements are absurd and unnecessary. I don’t have the mental capacity to care to remember that long of a password. I have to have a document now of all of the passwords I have so it’s not forgotten. I have to have browsers autofill for me because of this shit.
In a perfect world, 6 - 8 string passwords would suffice and lots of emphasis on symbols and numbers at the very least. The longer you try making the characters of a password, the chances of forgetting increases.
Flickr does this. Some of the portals to my apartment portal does this. Portals to some of my medical information does this. It’s fucking bullshit. StateFarm does this too.
Using a password manager is a lifesaver for this :) there are open source ones like KeePass and you can sync the encrypted file across devices using Dropbox or similar
For me it’s the opposite - every password is generated, except for those websites that limit me to something unreasonably short like 14 chars. They need to accept longer passwords, so I can use a generated one with default complexity, not have to make up something easy to remember
Write it down
Then you’ll memorise it