Tech: September 2008 Archives

Passwords

Jonathan Cogley has a post about bad password requirements that covers most, if not all, of the salient points on what defines a good or bad password. The comments also make for interesting reading. What's most disturbing, though, is the comment by the author himself:

 ...most times when we do a security audit of an application, the first thing we find is cleartext passwords in the user table in the database. :)