Are Password Rules Making Us LESS Secure? - Comments Page 3

One further irritation is when I run into a site that allows you to enter a long password and confirm it. Go to enter it, and bingo! The password is too long to be entered. Guess what? Because the shortened form edition doesn't match the original password on file, you can't log in. If you are lucky, you can get a password reset sent to you, and start over, while remembering the unwritten rules on the web page password entry form!!!!!
Secure order sites have been the worst offenders in my experience.

Please clarify you comment about "LastPass" not working. Thanks.

EDITOR'S NOTE: I overstated the case. I was thinking specifically about sites that require the special character to be in a certain position, such as at the end, or ONLY in the middle of the string.

Re: "Password must contain one uppercase letter"
I've only ever seen "must contain AT LEAST one..."

Robert C., thank you for that suggestion. I have not read all the comments here, but it did occur to me that perhaps the overwhelming criticism of both passwords in general and our host's take on the subject indicates that passwords have been rendered obsolete and that all future tech toys that enable you to shop and reach internet sites should now be equipped with retina scanners. (With practice, even a blind person should be able to scan an eyeball, and then use speech recognition software to talk to his/her pc..."

I would like your opinion on this as an easy to remember password. Let's say you used your father's phone number which is 123-456-7890 but instead of just using the number you use the top row of numbers on your keyboard and hit the shift key every other time (or any pattern you want to use). So your password becomes DaD1@3$5^7*9)

Would using characters that were not on the keyboard slow down the hackers? ☺☻♥♦♣♠•◘○
(These are Alt 1 through Alt 9)

I totally agree that the new password rules make them less secure! I am totally unable to remember the new passwords multiplied by multiple sites requiring them so I am forced to write them down and store them somewhere.

I've seen chats about p/w salts and hashes and tried to understand them. Failed. I am clueless about these terms and what they do,

Use a passphrase as your core password. It must something that will die with you. It must be something you'll never forget even if you get Alzheimers. And no one else knows about it. You never write it down. It really can be just about any length that is allowed for a password. But the passphrase is accompanied by other letters and/or characters but never meaningful words. Your "cheatsheet ' that you keep beside you omits the passphrase. Other information attached to the passphrase can be remembered and thus provide the security and memorability. I am 99 now and I remember 25 or more passwords easily.

Regarding LastPass, I don't use it to generate passwords for me, just to store and access what I create myself. Therefore difficult password rules hindering auto-generation, is not an issue for me.

When it comes to brute force attacks then any upper/lower case letter, number or special symbol is like any other one. It computer terms there is nothing special about a special character, or the case. They are all just numbers representing something the computer doesn't care about.