[ Thanks to Jane Walker for this link.
]
“Most organizations use passwords to control access to IT
resources. But it’s increasingly looking like passwords are not
ideal security controls. The type of password that would provide
reasonable security is usually too complicated for a user to
remember, which usually means the user ends up writing down or
otherwise recording the password (meaning it can be stolen).“This tendency is further exacerbated when you get into password
policies that enforce password length and construction, for example
requiring certain types of characters, checking for similarities to
previous passwords and disallowing the use of dictionary
words…”