The Futility of the Strong Password Solution

After experiencing a data breach, most companies take a number of measures to strengthen security, including advising users to change their passwords and to make them strong.

Although it stopped short of confirming that it was hacked or that any customer data had been exposed, Amazon-owned Twitch last week notified users that its network might have been hacked and that some user account information might have been exposed.

Among the actions Twitch took to protect its users were expiring passwords and stream keys, and disconnecting user accounts from Twitter and YouTube.

That meant users would have to create new passwords the next time they attempted to log in to their accounts — and Twitch imposed new requirements that would force users to create strong ones.

One might think Twitch users would be upset at the possibility their data was stolen. However, the outcry that ensued was not due to fear of exposure. Users were angry that Twitch was attempting to force them to use unwieldy, difficult-to-remember passwords — like [email protected]$auce?, which is the example the company provided of one it considered good.
