Computer Science and Information Security already figured out that longer, but simpler passwords are far more effective than shorter more convoluted passwords or biometric data (especially since you'll still need a password to get in as an alternative anyway).
"Kotaku In Action 2 is the home of GamerGate you stupid faggot"
is a far more difficult password to crack password for a computer to try and figure out compared to
"K0T4ku!!02"
which you are then required to change every 30 days.
A long passphrase can be far too difficult to crack with brute force trial and error because of the insane number of combinations. People are also able to memorize long passphrases much more easily. Worse if anyone decides to do something silly like just throw a random @ symbol somewhere, all of the password cracking for English pass phrases won't work either because it's no longer a normal sentence.
The problem is getting more companies to accept the utility of passphrases.
Computer Science and Information Security already figured out that longer, but simpler passwords are far more effective than shorter more convoluted passwords or biometric data (especially since you'll still need a password to get in as an alternative anyway).
"Kotaku In Action 2 is the home of GamerGate you stupid faggot"
is a far more difficult password to crack password for a computer to try and figure out compared to
"K0T4ku!!02"
which you are then required to change every 30 days.
A long passphrase can be far too difficult to crack with brute force trial and error because of the insane number of combinations. People are also able to memorize long passphrases much more easily. Worse if anyone decides to do something silly like just throw a random @ symbol somewhere, all of the password cracking for English pass phrases won't work either because it's no longer a normal sentence.
The problem is getting more companies to accept the utility of passphrases.
using the 4 is what makes your password weaker.
It would have been impossible to crack if only I had used # instead.
More symbols arent unwise.
No, but there's a silty emphasis on symbols for 8 character passwords.