by xamuel 4148 days ago
>Do you really want to be the guy who gets thrown under the bus because you had to disable strong passwords because the CEO was angry he needed both upper and lower case letters in his AD password?

Except those strong password policies don't strengthen security at all, neither in theory nor practice. Congratulations, the CEO's password is now "qweRTY" and it's written on a yellow sticky-note on his monitor.

1 comment

A post-it note on his monitor of a secure password (they generally require a number or special character, as well as being 8 characters long) is actually better security than an extremely simple password. I can have him lock his office door... I can't prevent someone from brute-forcing the password he's re-used on every site on the internet.

I literally tell my parents to have a secure password they write on a post-it note. The odds of someone breaking into their house for their password are about 1/10000th the odds of someone cracking their simple password on a website and getting the keys to the kingdom.