I am very tired of seeing arbitrary password rules that are different for every web or mobile app. It's almost like these apps aren't following a standard and are just making up their own rules that aren't based on good security practices.

All too often I see password entry requirements like this:

Apparently, my password is 'unacceptable' for AT&T because it's more than 24 characters long...

12 characters is an arbitrary number! This website actually wants you to be less secure.

Who came up with the idea that you need to have short passwords with only certain types of symbols that are impossible for the average human to remember?

XKCD's "Password Strength" comic made an excellent point about this.

More Secure Passwords

Decades ago, it was recommended that people use more complex passwords containing numbers and symbols to make them more secure. That is no longer the recommendation of security professionals – even the ones who used to recommend more complex passwords now say that practice is outdated.

Security testing shows that the best ways to make passwords more secure are simply to make them longer and to use a unique one for every app or website. They don't even have to be fancy or completely random. But you should be using a password manager to generate them anyway.

I recommend using 1Password (browser), Encryptr (desktop), or RoboForm (browser). Then you will just have one password to remember and have the password manager do the hard work of generating a unique one for every app or website you use.
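To put numbers on the "longer beats fancier" argument above, and on what a password manager actually does when it generates a password, here is a small added example (my illustration, not code from the post or from any of the password managers named). The sample passwords and the 7776-word Diceware list size are constructed assumptions; the length-first policy follows NIST SP 800-63B's guidance (minimum 8 characters, allow at least 64, no composition rules).

```python
import math
import secrets
import string


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols from an alphabet of `alphabet_size`."""
    return length * math.log2(alphabet_size)


# Constructed comparison: the shapes of password the post argues about.
COMPLEX_8 = entropy_bits(95, 8)       # 8 random printable-ASCII chars, forced "complexity"
CAPPED_12 = entropy_bits(95, 12)      # the most a 12-character cap allows, even fully random
LOWER_24 = entropy_bits(26, 24)       # 24 random lowercase letters, the length AT&T's form rejects
WORDS_4 = entropy_bits(7776, 4)       # four words from a 7776-word Diceware list (assumed list size)


def arbitrary_policy(pw: str) -> bool:
    """The kind of rule the post criticises: 8 to 12 chars with mandatory digit and symbol classes."""
    return (
        8 <= len(pw) <= 12
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def length_policy(pw: str, max_len: int = 128) -> bool:
    """Length-first policy: minimum 8, generous maximum, no composition rules (NIST SP 800-63B)."""
    return 8 <= len(pw) <= max_len


def generate(length: int = 24, alphabet: str = string.ascii_letters + string.digits) -> str:
    """What a password manager does: draw each symbol uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, bits in [("8 complex", COMPLEX_8), ("12 max", CAPPED_12),
                       ("24 lowercase", LOWER_24), ("4 words", WORDS_4)]:
        print(f"{name:>13}: {bits:6.1f} bits")
    pw = generate()
    print("manager-generated:", pw, "->", entropy_bits(62, len(pw)), "bits")
```

A 24-letter lowercase password carries more entropy than the strongest 12-character password a capped form permits, so a maximum length that low makes every user weaker than they could be.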

More Information

Conclusion

Remember, make longer passwords, educate yourself by reading Troy Hunt's article, and use a password manager.

I hope you enjoyed this brief article. Let me know your feedback or additional recommendations in the comments.

Here is how you can reach me: