Menu Close

Password Policy: Complex or Long?

My blogpost on this topic at Oversitesentry shows the NIST-80063B publication to note that a long password is better for overall security rather than a complex password policy.

The issue is that users tend to not have good habits if they are constantly having to create new passwords (every 3 months) which in effect means 4 passwords a year, and if one is a long term employee, one will have to keep up with 12 passwords in 3 years. Thus one is making all computer identity management tasks more difficult

This is one of my favorite pictures(from storyblocks.com image): Do you think human psychology has anything to do with this? Maybe we have a natural

Postit password – If your policy is too complicated how many users will do ‘bad’ cybersecurity?

Tony Z

Psychology of security – time to learn some?

Tony Zafiropoulos