That works until you run into the kind of failure at security planning like I'm currently dealing with: a regular user has to remember 3 passwords that, according to policy, should be different and have different expiration times (all around 90 days), in addition to two PINs. Minimum 8 characters, not one of the last 16 used, uppercase, lowercase and numbers required, but symbols are not allowed. There is also supposed to be a disciplinary action if we write down passwords.
In addition, if you are actually working with multiple computers (say you work in IT), you usually need to remember a few dozen passwords, or in some cases a few hundred passwords.
Those factors lead me to know the few simple patterns most people follow. The only saving grace is that it locks you out after 3 failed passwords, and it takes about a day or two to get it reset, which is about as catastrophic to productivity as you would imagine it to be.
In the above example the individual factors of the security plan are OK (well, aside from not allowing symbols in passwords, a bizarre failure), but as a whole it's actually counterproductive. Think about how users will react to a system when designing it: if the password changes once every two years, most users will pick a good password if it is important, but if it is a hassle every few months, people can't be bothered to.
It doesn't help that throwaway sites require registration and passwords all over the place, especially when such a throwaway site has a 'strong' password policy.
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."