ACParadise Forums

Our company just changed the password rules again and people are grumbling about it in the break room. Honestly, I get it—sometimes it feels like overkill with all the requirements and constant resets. But then you hear about some company getting hacked because someone used “password123.” Is there a way to make password policies actually work without everyone losing their minds?

I totally get the frustration—bad policies just make people write their passwords on sticky notes! What worked for us was focusing on longer passphrases instead of complicated gibberish. Plus, encouraging password managers helped a lot. There’s a good write-up about making practical policies at info security if you want some ideas that don’t drive people nuts. Once folks realized it wasn’t about adding weird symbols everywhere and that they could use full sentences, things calmed down. Fewer resets and fewer complaints now.

I used to think those “must change every 30 days” rules were ridiculous, but I guess there’s a reason for them. I still wish it was easier to keep track of everything—password managers are a lifesaver for me.