
I often get irritated by formulaic instructions for "strong" passwords when creating an account. I use a respectable password manager, so everything is unique and at least 10-15 characters with some numbers and symbols mixed in. Occasionally I use DiceWare. God forbid I don't include a number or use upper case, lower case, one of five symbols, but not th#t one! The worst is when I cannot copy and paste in both text fields. I don't even know what the assumption is there about end user behavior, but it's quite frustrating.

I know these practices must be reduced to the lowest common denominator, but perhaps websites need to allow minimum entropy and not force rules unless the minimum entropy isn't met. I don't know much about implementing, but people are so lazy that all these different rules and schemes are turn-offs from better security practices.
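
One way to implement the entropy-first policy the comment proposes, as an added example that is not part of the original comment. The 60-bit threshold, the fallback rule set and all function names are assumptions, and the entropy figure is a character-pool upper bound, not a true measurement.

```python
import math
import string

MIN_BITS = 60         # assumed threshold; the comment names no number
FALLBACK_MIN_LEN = 8  # assumed minimum length for the rule-based path

# (characters, pool size) per class; punctuation plus space = 33 symbols
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]
RULES = [
    ("lowercase letter", str.islower),
    ("uppercase letter", str.isupper),
    ("digit", str.isdigit),
    ("symbol", lambda c: not c.isalnum()),
]

def estimate_bits(password):
    """Upper-bound estimate: log2(pool size) per character, runs counted once."""
    pool = sum(size for chars, size in POOLS if any(c in chars for c in password))
    if any(ord(c) > 126 for c in password):
        pool += 32  # assumed flat allowance for non-ASCII input
    if pool == 0:
        return 0.0
    # Collapse runs so "aaaaaaaa" scores as one character, not eight.
    effective = sum(1 for i, c in enumerate(password) if i == 0 or c != password[i - 1])
    return effective * math.log2(pool)

def missing_rules(password):
    """Composition rules the password fails; consulted only below MIN_BITS."""
    missing = [name for name, pred in RULES if not any(pred(c) for c in password)]
    if len(password) < FALLBACK_MIN_LEN:
        missing.insert(0, f"at least {FALLBACK_MIN_LEN} characters")
    return missing

def check_password(password):
    """Return (accepted, unmet_rules). Rules are skipped when entropy suffices."""
    if estimate_bits(password) >= MIN_BITS:
        return True, []
    missing = missing_rules(password)
    return (not missing), missing

if __name__ == "__main__":
    for pw in ["correct horse battery staple", "abc123", "aaaaaaaaaaaaaaaaaaaa"]:  # constructed samples
        print(f"{pw!r}: {estimate_bits(pw):.1f} bits -> {check_password(pw)}")
```

The pool-size estimate does not recognise dictionary words or previously breached passwords, so a production check would pair it with a blocklist lookup.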


