Restricting passwords

You know the kind of restrictions I’m talking about.

Can’t be shorter than 8 characters.

Can’t be longer than 16.

Can’t contain a large array of non-alphanumeric characters.

Must contain/start with a number.

Honestly, these restrictions are like telling homeowners that you can only have one brand of lock fitted to your doors. It’s not making your doors more secure, it’s just narrowing down the possibilities as to what it’ll take to best the lock. Granted, nowadays there are more inventive and efficient approaches to breaking into accounts that play on the gullibility that gets the better of even the most cautious user sometimes (I won’t deny it, that’s a bullet I narrowly dodged myself once, even though I told myself countless times I should have known better). But I don’t believe we can afford to be so lax with passwords, and I don’t believe we can afford to ignore the possibility that someone somewhere might still take that brute-force approach to a target’s account if they’re that bloody well determined.
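
To put numbers on the “narrowing down the possibilities” point, here is an added example (not code from the original post) that models a composition policy of the kind listed above and computes how large a password space it leaves, in bits. The restrictive policy follows the post’s rules (8 to 16 characters, alphanumeric only, must start with a digit); the permissive policy, its 64-character upper bound, and the 95-symbol printable-ASCII alphabet are assumptions made for comparison.

```python
import math
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """A password composition policy (constructed for this example)."""
    alphabet: str          # characters the policy accepts
    min_len: int           # inclusive minimum length
    max_len: int           # inclusive maximum length
    first_chars: str = ""  # if non-empty, the first character must be one of these

    def allows(self, password: str) -> bool:
        """True if the password satisfies every rule of this policy."""
        if not self.min_len <= len(password) <= self.max_len:
            return False
        if any(c not in self.alphabet for c in password):
            return False
        return not self.first_chars or password[0] in self.first_chars

    def keyspace_bits(self) -> float:
        """log2 of the number of distinct passwords the policy admits."""
        a = len(self.alphabet)
        first = len(self.first_chars) or a   # choices for position 1
        total = sum(first * a ** (n - 1)
                    for n in range(self.min_len, self.max_len + 1))
        return math.log2(total)


ALNUM = string.ascii_letters + string.digits                 # 62 symbols
PRINTABLE = " " + "".join(chr(c) for c in range(33, 127))    # 95 symbols

# The post's restrictions: 8-16 chars, letters/digits only, must start with a digit.
RESTRICTED = Policy(alphabet=ALNUM, min_len=8, max_len=16, first_chars=string.digits)
# Assumed permissive policy: any printable ASCII, 8-64 characters.
PERMISSIVE = Policy(alphabet=PRINTABLE, min_len=8, max_len=64)


def bits_lost(restricted: Policy, permissive: Policy) -> float:
    """How many bits of search space the restrictive policy gives up."""
    return permissive.keyspace_bits() - restricted.keyspace_bits()


if __name__ == "__main__":
    for name, p in (("restricted", RESTRICTED), ("permissive", PERMISSIVE)):
        print(f"{name:10s} {p.keyspace_bits():7.1f} bits")
    print(f"bits lost: {bits_lost(RESTRICTED, PERMISSIVE):.1f}")
```

Even a user who would otherwise pick a long passphrase with symbols is capped at roughly 93 bits of possible choices under the restrictive policy, while the permissive one admits over 400; the gap is the search space the policy hands back to anyone guessing.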

Maybe this is a thing that I worry too much about. Okay, fair enough. I still don’t like having my ability to make my accounts harder to breach diminished, even if that comes at the risk of making things a little more difficult for myself.

