Long passphrases don't have to be difficult to remember even with the
complexity requirements.

"My 2 dogs are cute!" is 19(?) characters long, mixed case, with numbers
and symbols. You might not even need the exclamation point due to the
spaces.

If the user really can't remember the passphrase then a reminder such as
"What are the dogs?" could be written on a Post-It and not overtly give
away what the passphrase is.

"Star Trek 4 was the BEST one"
"3 More Years - Retire"
"Me+Her=2Smiles"

Lots of easy passphrases that can meet the requirements and that nobody
is going to easily guess or brute force.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com

"Anteaus" wrote in message
news:756EAFC8-EE43-4B9F-A1EE-2ACE5643656F@microsoft.com:
> Issue here is that there is a 'watershed point' at which passwords become
> non-memorable. People then start writing passwords on post-its attached to
> displays. At this point the security of the system plummets.
>
> This is particularly true with 'complexity requirements' which require
> numbers, capitals and punctuation, since these prevent the use of a memorable
> passphrase.
>
> "Steve Riley [MSFT]" wrote:
>
> > Just use good passwords (I like length better than complexity) and do away
> > with account lockout policies completely.