Passwords and cybersecurity

The above xkcd cartoon should be required viewing for every IT professional making decisions about cybersecurity. We are now constantly faced with services that ask us to change passwords all the time, and the new passwords must meet certain requirements. The password must have a cap, a number, and increasingly, a special character such as !$&# (it looks like I’m swearing!).

I would not be surprised if the number of passwords written on yellow sticky notes by the side of a laptop is on the increase. If you have a couple of minutes of idle time, type “password sticky note” into Google Images; you won’t be disappointed.

Having said that, I can see the argument for standardised requirements for stronger passwords. Left to their own devices, most people will use 12345 as their password, or simply use “password” as a password.

In the end, the weakest link in cybersecurity is the carbon-based organism sitting behind the keyboard.

ETA: More on stupid password policies.

