It was very intriguing to read an op-ed article that appeared in InfoWorld in June. Written by Roger A. Grimes, under the headline “The days of long complicated passwords are over,” it brings up some of the most current thinking around password use and protection within organizations and information networks.
Among other things, Grimes challenges his readers’ assumptions about the usefulness of passwords, or at least of passwords alone, as a protective mechanism for networks, saying that, while “Traditional password recommendations, as implemented by most companies, typically call for passwords at least eight to 12 characters long, complexity that includes at least three different character sets (letters, uppercase, lowercase, numbers, symbols, and so on), and the stipulation that passwords should be changed at least every 90 days,” the emerging reality is that password complexity, or lack of it, is no longer a significant issue, in his view.
