No, that’s not a typo.
More evidence has emerged that millions of people choose poor-quality passwords. This is perhaps less surprising than it is disappointing. Why are we still having this discussion? Why is the most widely deployed authentication factor in the world so poorly implemented?
Unfortunately, the truth is that, given the chance, many of us will choose poor passwords. By poor we mean too short, too easy to guess, or the same as every other password we use everywhere else. And, let’s be honest, many users will become frustrated if an app or website enforces a password complexity policy.
Complexity is easy to sell for online banking systems, but outside of that, many users are simply frustrated if they are forced to come up with a decent password. Sites that are easy to use get more visitors. Put up barriers to entry at your peril.
Until such time as the humble password is treated with the respect it deserves, our oldest, most upstanding security ally will remain somewhat limp.