Please, in 2025, don’t prioritise complex passwords as a method of sign up and logging in
The impossibility of remembering a good complex password, takes away all the good stuff about passwords, like not having to write them down, and being able to shout them at someone trying to login to the tv in the other room. Instead, when faced with complex password requirements, users tend to fall into four groups:
Complex in name only
Petname89! Probably an improvement on what came before but not exactly the enigma code
Magic Link in all but name
I will use the password reset link to login this time, use a password I have no intention of remembering, and do the exact same thing next time I have to login
My password manager takes care of that
I will remember exactly one password, and use random gibberish for everything else
The perfect password – used everywhere
A brilliantly conceived password that is complex, memorable and unguessable. Great until one of the 200 services it is used for is hacked
Magic links, OTPs, SSO, passkeys – all of these should be prioritised over password.