I guess Apple must have changed things recently. My Apple password is a 6-letter dictionary word with a '1' at the end (the same insecure password I use for all sites I don't really give a shit about). They haven't asked me to change it yet.<p>I basically have 2 passwords: secure (for bank accounts) and insecure (for everything else) that I use for all sites except the root password of my server (which I have a set of random chars that I have memorized). I agree it's ridiculous forcing people to have a convoluted password, as they'll need to write it down to remember it. And if your site is properly designed, having a dictionary/short word as a password shouldn't matter. Apple seem to have gone from ridulously lax security to ridiculously over-the-top after their recent gongshow.<p>And before anyone flames me I do know wtf I'm talking about. I wrote brute force passwd file crackers 20 years ago, and got all the root passwords at school/university by writing packet sniffers.