by LordKano 3448 days ago
That's a good long term solution but when policies force you to change your password every 45 days, it falls apart.

In my experience, overly restrictive password policies force users to choose passwords that are less secure and easier to remember.

3 comments

The good news is that the practice is going away; NIST revised its guidance/recommendation for password cycling.
You can tell a company has this policy when every monitor has a sticky note on it with the numbers 1 to N on it, where 1 to N-1 are crossed out.
Yes indeed. For example, they add the current year and month and keep the same "base password", which is unsafe.
"Password2017" is a typical "secure" password. Capital and small letters, and a number; longer than 8 characters. Passes most "checks" for passwords...
"Password2017!" is even better. It's got a special character!
My favorite "pattern for stupid passphrase requirements" is "1qaz@WSX" - then just move a row to the right with every password change. :)
Funny how most people go for ! as the default special character :)
It adds to the excitement of logging into an application. Instead of "login", you get to "login!".
I think it's a natural outgrowth of how so many people chose "1" when they were forced to add a number to their passwords.
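A defender-side illustration of the thread's point, added here and not part of the original discussion: the legacy "8+ characters, three of four character classes" rule accepts every pattern quoted above, while a small pattern check (common base word plus date suffix, QWERTY keyboard walk) rejects them. The keyboard layout, the tiny blocklist and the sample strings are constructed for the example.

```python
import re

# Constructed data: a US-QWERTY layout for keyboard-walk detection and a tiny
# blocklist standing in for the breached/common-password list NIST asks for.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
QWERTY_COLUMNS = ["".join(r[i] for r in QWERTY_ROWS if i < len(r)) for i in range(10)]
COMMON_BASES = {"password", "welcome", "letmein", "summer", "winter"}


def _walks(min_len=4):
    """Every run of min_len adjacent keys along a row or column, either direction."""
    out = set()
    for seq in QWERTY_ROWS + QWERTY_COLUMNS:
        for s in (seq, seq[::-1]):
            out.update(s[i:i + min_len] for i in range(len(s) - min_len + 1))
    return out


WALKS = _walks()


def naive_complexity_ok(pw):
    """The legacy rule the thread mocks: 8+ chars and three of four classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and sum(re.search(c, pw) is not None for c in classes) >= 3


def pattern_findings(pw):
    """Reasons a password that passes the naive rule is still predictable."""
    findings = []
    # 'Password2017!' -> base 'password', year 2017 (optional month), trailing specials
    m = re.fullmatch(r"([A-Za-z]+)((?:19|20)\d{2}(?:0[1-9]|1[0-2])?)?([^A-Za-z0-9]*)", pw)
    if m and m.group(1).lower() in COMMON_BASES:
        findings.append("common base word with only a date/special-character suffix")
    # '1qaz@WSX' -> '1qazwsx': '1qaz' is a column walk on a QWERTY keyboard
    flat = re.sub(r"[^a-z0-9]", "", pw.lower())
    if any(flat[i:i + 4] in WALKS for i in range(len(flat) - 3)):
        findings.append("keyboard walk")
    return findings


def accept(pw):
    """Pattern-aware policy: complexity alone is not enough."""
    return naive_complexity_ok(pw) and not pattern_findings(pw)
```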