"qqqq ... qqq" is a strong password according to Microsoft

Does anyone else find it super annoying with sites tell you what to use as your password? "You have to use a capital letter, at least 3 numbers, a symbol, it has to be 12 characters long, and it can't be one that you've used before." This type of attitudes leads to people writing down their passwords on paper and then getting hacked when someone finds it. As this password shows, not all passwords need to have all those things in order to be secure.

Its not going to be in a rainbow table nor will most attacks try anything of significant length. It may be easy to shoulder surf the password, but a typical attack probably won't succeed. That is unless the attacker has some way of guessing the length, but a hash will take care of that.

Passwords have to satisfy multiple security issues. Brute force by code is just one. Shoulder-surfing is another. A password like that is going to be incredibly weak as an observer might easily be able to detect it. Same thing goes with longer phrases if they're based on something well known or easily guessed.

12 characters long ... you'll be waiting a while to brute force that one, I'd have thought...

FWIW, @e31z.P8 is considered 'weak', which most people would consider a pretty hard password.

Hm. It tells me "Worst Password Ever!" is a "Best" password. Better start using that one!

That might be strong, but "qqqqqqqqqqqqqqqqqqqqqqqqqqqq" is BEST!