Striving to become a master Go/Cloud developer; Father ๐จโ๐งโ๐ฆ; ๐ค/((Full Stack Web|Unity3D) + Developer)/g; Science supporter ๐ฉโ๐ฌ; https://coder.today
Yes, I think the theory is correct, but the practice is different.
You presume that the passwords are random, so the avg number of guesses is close to the median. In reality people will use same common passwords and the guesses will be sorted by popularity. By enforcing these rules I suppose it is a forced way to enlarge the set of common passwords.
I personally hate these rules, because I cannot use the most secure passwords and easy to remember (which are a long set of common words) :(.
Yes, I think the theory is correct, but the practice is different.
You presume that the passwords are random, so the avg number of guesses is close to the median. In reality people will use same common passwords and the guesses will be sorted by popularity. By enforcing these rules I suppose it is a forced way to enlarge the set of common passwords.
I personally hate these rules, because I cannot use the most secure passwords and easy to remember (which are a long set of common words) :(.
You're right, that's very similar to what I've realized from that comment.
I somehow never thought of passwords being sorted by popularity, just going through them in order.