Reply to post:

No, eight characters, some capital letters and numbers is not a good password policy

Jo_seph_B

Correct horse battery staple. Length is key imo, not complexity. Making it longer but easier to remember, rather than shorter and complex, helps users and has been the most effective way of killing two issues: users' inability to remember and the use of simple-to-crack passwords.

We check AD once a month for weak passwords. With just a solid dictionary and 1 day of checking, it's amazing how many so-called 'complex' passwords it will get (mostly due to a solid dictionary of real-world passwords). Those users are reminded twice before having their account locked and having to answer to their manager. Good policy and backing of the business are key to our progress. In the last two years it's dropped from capturing over 60% of the passwords in AD down to around 10%. Still too many, but with a high staff turnover and lots of users it'll never be perfect.
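
The comment's point, that passwords satisfying a composition rule still match a dictionary of real-world passwords while a long passphrase does not, shown as an added example that is not part of the original comment or the commenter's tooling. The denylist, the substitution table and the 16-character minimum are constructed assumptions, and the check runs on plaintext candidates at password-set time rather than against AD.

```python
import re

# Constructed sample denylist (assumption). A real check would load a large
# list of real-world passwords, as the comment describes.
DENYLIST = {"password", "welcome", "summer", "dragon", "monkey"}

# Common character substitutions to undo before the lookup (assumption).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "$": "s", "5": "s", "1": "l", "7": "t"})

MIN_LENGTH = 16  # hypothetical length-based minimum, not from the comment


def meets_composition_policy(pw: str) -> bool:
    """Policy from the thread title: 8+ chars, a capital letter, a number."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)


def base_word(pw: str) -> str:
    """Undo common mangling: case, leading/trailing digits and symbols, leet."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())
    return core.translate(LEET)


def evaluate(pw: str) -> dict:
    """Compare the composition rule with a length + denylist rule."""
    hit = base_word(pw) in DENYLIST
    return {
        "composition_ok": meets_composition_policy(pw),
        "dictionary_hit": hit,
        "length_policy_ok": len(pw) >= MIN_LENGTH and not hit,
    }


if __name__ == "__main__":
    # Constructed candidates, not real user passwords.
    for candidate in ["P@ssw0rd1", "Summer2023", "W3lc0me!9",
                      "correct horse battery staple"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```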
