Nice remark on password complexity

pwgen, my favorite Linux tool to generate random passwords that can be memorized:

-s, --secure
Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords, since otherwise it’s almost guaranteed that users will simply write the password on a piece of paper taped to the monitor…

I like to see how alternative thinking in the Information Security community is emerging. Good that we started to realize people are not robots, and commands and programming will never work here. This is basic risk management, to consider ‘human elements’ in any program. And while I am sure there are people who will disagree and bring up some very good and solid arguments, I don’t understand why in the world of Information Security, one of the most modern and fast-evolving professions, we are still trying to rely on ideas that are decades old, and never really worked since…