The world has changed. Old password rules are just that – old. If we’re going to make an improvement in security, and really fight off the malware and evil hackers, then a bunch of things have to happen, but it may all reduce down to two items:

1. We have to foster an attitude of caring about security. It’s not something IT forces on people, it’s something people choose to care about
2. We need to make it easier. Complex, impossible to remember, passwords are not the answer

Wishful thinking?