Thisisalongbuteasytorememberpassword and it is more secure than Th1s!Sh*t1 !

in #steemit, 7 years ago (edited)

Well, the verdict is in... requiring at least 8 characters with at least one uppercase, one lowercase, a number and at least one special character is way less secure than just using an easily memorizable longer string. Oh, and being forced to change your password each month is not that great either, because most people just tack an increasing sequential number onto the end, making the new password as easy to crack as the last one.

Most of you may have seen one of the recent articles where the creator of the current commonly used password rules said he regrets creating the above rules and apologizes:
http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987
https://www.theverge.com/2017/8/7/16107966/password-tips-bill-burr-regrets-advice-nits-cybersecurity
http://www.telegraph.co.uk/technology/2017/08/08/man-wrote-password-bible-admits-advice-completely-wrong/

And to make matters worse, the guy himself confesses that he was a bureaucrat and by no means a security expert. Amazing how this then just became massively group accepted and adopted by, as far as I can tell, 99.9999999% of all web services. Let this be a warning on several fronts:

  • letting bureaucrats draft guidelines and regulations without sufficient input from subject matter experts is not great
  • groupthink and commonly accepted practice do not, unfortunately, mean something is really the best practice
    ... there are probably some other lessons here too, please feel free to add some in the comments.

Well at least Steemit seems to have gotten it correct with their super long password strings.
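To put numbers on the comparison in the title and on the monthly-rotation habit described above, here is an added example (not part of the original post) that scores both passwords against the old composition rules and flags a new password that is just the old one with its trailing number bumped. The function names are made up for illustration, and the bit count is a brute-force upper bound that assumes random characters, so a phrase built from dictionary words is weaker than its figure suggests.

```python
import math
import re
import string

def charset_size(pw):
    """Size of the smallest pool of common character classes that covers pw."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in pw))

def brute_force_bits(pw):
    """Upper bound in bits: assumes every character is drawn at random."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def meets_old_rules(pw):
    """8+ characters with an uppercase, a lowercase, a digit and a special."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def split_trailing_number(pw):
    """Split 'Th1s!Sh*t1' into ('Th1s!Sh*t', '1'); the number may be empty."""
    return re.fullmatch(r"(.*?)(\d*)", pw, re.DOTALL).groups()

def is_sequential_rotation(old, new):
    """True when new is old with its trailing number increased by one."""
    old_stem, old_num = split_trailing_number(old)
    new_stem, new_num = split_trailing_number(new)
    if old_stem != new_stem or not new_num:
        return False
    return int(new_num) == int(old_num or 0) + 1

def report():
    """(password, passes old rules, brute-force bits) for the title's pair."""
    return [(pw, meets_old_rules(pw), round(brute_force_bits(pw), 1))
            for pw in ("Thisisalongbuteasytorememberpassword", "Th1s!Sh*t1")]

if __name__ == "__main__":
    for pw, ok, bits in report():
        print(f"{pw!r}: passes old rules={ok}, brute-force bound={bits} bits")
    # A rotation check a password-change form could run before accepting.
    print(is_sequential_rotation("Th1s!Sh*t1", "Th1s!Sh*t2"))
```

The long phrase fails the old composition rules yet has roughly three times the brute-force bits of the short one, which passes them.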
