my office has some pretty stringent password rules... 10+ characters, must include a lower case letter, number, and capital letter, can't repeat passwords, passwords must be changed once a month, etc...
but the thing is, I find it leads to me creating even worse passwords. I couldn't mind having one complex password that only changed once every 6 months or rotating between a couple passwords, but with these rules, I end up taking a really basic word (like password), capitalizing the first letter, and throwing a couple numbers at the end.
but the thing is, I find it leads to me creating even worse passwords. I couldn't mind having one complex password that only changed once every 6 months or rotating between a couple passwords, but with these rules, I end up taking a really basic word (like password), capitalizing the first letter, and throwing a couple numbers at the end.