
This is what a strong password looks like, right? b2ng93m!
For years, we were all taught the same thing: mix in capitals, numbers, and symbols, and change it every 90 days. Turns out that advice was wrong.
Forcing people to reset passwords just makes them weaker. Tell someone to change "monkey1" and they pick "monkey2." And those clever symbol swaps? A computer cracks "b2ng93m!" faster than four random words like "bird-coffee-wandered-black."
The modern advice is simpler: stop forcing resets, and use a password manager so you're not memorising dozens (or hundreds) of logins.
And the direction of travel is clear - passwords are slowly disappearing altogether. Face ID, fingerprints, passkeys. The future isn't a better password; it's not having to think about one at all.
The real lesson goes beyond passwords. Security that ignores how people actually behave doesn't make you safer - it just makes you feel safer. The best security is the kind people don't have to fight.
We take this seriously at ReactWise. Handling sensitive R&D data for pharma means security isn't a feature; it's the foundation - which is why we're ISO 27001 certified and built with that mindset from the ground up.