Re: Stupid password restrictions

That's pretty dangerous but I see where you're coming from.

You can go too far with password restrictions and it actually makes it less secure in many cases.

For example forcing users to change their password every 30 days results in passwords appended with 1, 2, 3 or the month which is hardly useful. But worse than that, faced with dozens of passwords changing all the time makes people much more likely to write them down. I've seen it many times now... a bit of paper with passwords on or worse, text files stored on shared storage with their passwords in!