A Terrible Password Policy
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6BCrw63OwvwFMtq2y18IWr85F8IZtNwo5KzCtSppJNYhWVJdZZXDoZluTCkZqwwM8tbsc5c8SVOmkoL_NyXqY5euNXenpghp-NwawGBD08xzrYs-1n3fgOwYV7fQ3I7Z7UNqMwf-zdeLYz2Njt-B7nKIhwMc5HoEnYkSsJD6kr07u7eYP5-1zZuSwXEs/s16000/coffee.png)
I know a guy who can't keep a secret. Or maybe it's better to say - he won't keep a secret. It's a principled thing. Whatever secrets he comes upon, he feels compelled to share. He prefers openness and transparency, but especially not having to track who-knows-what in his head.

I once asked him how he applied this policy to his account passwords.

"I use passphrases, and I pick phrases that can naturally be worked into conversation so that no one is the wiser. That way, I share my secrets but my accounts remain safe."

"If someone comments on the weather, I can respond with TheresASl!ghtCh@nc3OfR@in. If someone asks about the latest sports game, I'll offer up that Th3R3fsM@deT3rr!bl3C@lls."

This is a T3rr1bl3P@$$w0rdP0l!cy.