@dethos Good stuff. It's long time we moved forward from "use at least one of each of these classes of characters" password security theater.
@dethos On one job where we tightened password requirements on an existing app, we had one very disgruntled user whose main complaint was, "I use this password for lots of other things, why won't you let me use it here too!?" :headdesk:
@pbx I suspect that practice is much more common than we expect.
"Others will never guess this ridiculous 6 character password, my accounts are perfectly safe". 🙃
@dethos Oh, I know it's very common. It was just funny/sad to hear somebody arguing so strongly to be able to do something known to be a bad idea... without giving any indication of awareness that it's a bad idea.
This is a personal and private instance.