Why Enforced Password Complexity Is Worse for Security (and What to Do About It)

In the infancy of computing, passwords relied heavily on trust. These early passwords were relatively short and simple. As the trust eroded and the threat model changed, we started to enforce restrictions around passwords such as minimum length and using encrypted passwords for system access. As computing continued to evolve, it became even easier to guess or manipulate passwords thereby driving more artificial complexity and, ultimately, user hate and non-compliance.

Let’s take a step back, evaluate some password threats, review their protections, and challenge evolving complexity requirements.

Cyber SecurityJonathan KlineMarch 10, 2021Passwords, Cyber Security