We all know the drill when creating a password. In the name of “complexity,” we’re typically asked to use a minimum of eight characters, including at least one uppercase letter, one lowercase letter, a number and a special character. Oh, and we need to memorize the password and not use the same one anywhere else.
Here’s the problem with these instructions: They do the opposite of what was intended. They make it too hard for users, who in turn make it too easy for hackers.
