
I’ve often thought that certain password policies actually reduce security because users, being human, create less-than-secure mechanisms by writing passwords down or by reusing the same passwords whilst adding a simple digit on at the end. It now seems that GCHQ agrees with me!