I wish I could use these kinds of passwords more often, but too many sites enforce the "must contain one number, one capital letter, and one punctuation symbol", oftentimes with a maximum password length.
Practically every bank I do business with has these limitations. By contrast, my gmail password is 24 characters long, and contains capital and lowercase letters and punctuation. It makes me wonder what their back-end systems look like that they can't handle passwords longer than that.
Absolutely insane. I'd like to see a browser plugin that will detect these sites and give you a form letter asking them to fix their security standards as well as the appropriate mailto link.
Don't want the passwords to be TOO strong, now do we? wink! wink!
Also, it would be BETTER if people used two-factor authentication, maybe forcing the use of text messages to cell phones, so that they must use something they know and something they have. I wonder... if, maybe, we forced our users to select absurd, unnatural passwords they'll have no hope of remembering, and then maybe they'll have to call or text or e-mail for help almost every single time? wink! wink!
