I definitely know from this:
Starting today we were required to update one of our passwords to a 12 character monstrosity that includes at least one of each of the following:
1. Capital letter
3. Symbol (ie, @#$&!)
And the reuse of previously used passwords is restricted to waiting until the 21st round of passwords. Oh, and we’ll now be required to change our passwords in 60 days instead of 90 days.
I believe “@#$&!” is what I say when the “Your password will expire in 14 days” message comes up after a mere 30 days. We’re allowed to slide by on a mere eight characters, but we must include at least one from each of the Three Basic Mistyping Groups.
Now I realize that there are people out there with passwords like “password” or “susan,” but still:
What makes them think that they’re actually increasing security by making it so much harder to remember all of the passwords? Because at some point a cheat sheet is required just to avoid calling the help desk several times daily to get your passwords unlocked because you entered them incorrectly too many times.
Besides, one of my favorite sources for passwords the vast universe of foreign-language cuss words seldom yields up anything with numbers in it.