The US government’s latest recommendations acknowledge that password composition and reset rules are not just annoying, but counterproductive.
The story of why password rules were recommended and enforced without scientific evidence since their invention in 1979 is a story of brilliant people, at the very top of their field, whose well-intentioned recommendations led to decades of ignorance. These mistakes are worth studying, in part, because the people making them were so damn brilliant and the consequences were so long lasting.
Interesting little history piece, but I did not see any evidence that password complexity rules don’t help which i think was supposed to be the point of the article.
The article leads with the US Government changing their recommendations on password policies, so the assumption is that they’ve done the homework. Still, yeah, I’d have been interested to see the details.