It is a paradox that very long passwords (16+ characters) are easier to remember and maintain than their 8-12 character cousins. Here is why: if a user chooses a password of 16 or more characters, the complexity rules can be dropped, so the password no longer needs to be mixed case or to contain numbers or special characters. Most importantly, long passwords or passphrases are more secure than short ones, even with a limited character set.
As an aside, I would like to mention that long passwords tremendously aid the usability of mobile applications. If you have ever tried to enter a mixed-case password with numbers and special characters on a smartphone, you will know what I mean.
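To put numbers on the claim above, here is an added example (my own illustration, not code from the post) that scores a password by the size of the brute-force search space a guesser must cover and implements the policy just described: 16+ characters of anything is accepted, shorter passwords must meet a conventional complexity rule. The 8-character minimum and the three-of-four-classes rule for short passwords are my assumptions, as are the sample passwords.

```python
import math
import string

LONG_MIN = 16    # length at which complexity rules are dropped (from the post)
SHORT_MIN = 8    # assumed minimum for a "complex" short password
SHORT_CLASSES = 3  # assumed: short passwords need 3 of the 4 character classes

CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "punct": set(string.punctuation),       # 32
}


def classes_used(pw: str) -> set:
    """Names of the character classes that actually appear in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def charset_size(pw: str) -> int:
    """Size of the alphabet a guesser must cover: the union of the classes used."""
    return sum(len(CLASSES[name]) for name in classes_used(pw))


def search_space_bits(pw: str) -> float:
    """Upper bound on brute-force work, log2(alphabet ** length), in bits."""
    if not pw:
        return 0.0  # edge case: empty password has no search space
    return len(pw) * math.log2(charset_size(pw))


def accept(pw: str) -> bool:
    """Policy: 16+ characters with no complexity rule, else 8+ chars and 3 classes."""
    if len(pw) >= LONG_MIN:
        return True
    return len(pw) >= SHORT_MIN and len(classes_used(pw)) >= SHORT_CLASSES


if __name__ == "__main__":
    # Constructed samples: a short complex password vs a long lowercase passphrase.
    for pw in ("Pa55w0rd!", "purplellamaeatsoatmeal"):
        print(f"{pw:24} len={len(pw):2} alphabet={charset_size(pw):3} "
              f"bits={search_space_bits(pw):6.1f} accepted={accept(pw)}")
```

Even with only 26 lowercase letters the 22-character passphrase has a search space roughly 2^44 times larger than the 9-character password drawn from all 94 printable classes.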
It seems that not a day goes by without a news story breaking concerning the leak, theft, interception or misplacement of critical information.
In just the last few weeks:
It is my observation that businesses are ready to move more of their most sensitive information to the cloud. For that to happen, SaaS providers need to support strong security measures to protect the data. SaaS solves many problems for an IT manager, but at the same time introduces some issues of its own. I will focus on one major shortcoming that, if not addressed, will cripple the adoption of SaaS. Fortunately, that flaw can be fixed with some goodwill and foresight. I refer to the widely adopted weak authentication mechanism: with online banking as the one exception, customers are given only the good old email/password combination.