Complex PasswordsA password policy that requires long, complex passwords including things such as upper case, lower case, special characters and numbers makes it more likely that users will write passwords down or forget them and need to call customer support. This isn't necessarily bad, as writing a password in one physically secure place may be safer than using a weak password. A trusted password management tool that stores passwords in a strong encrypted format is perhaps helpful.
Password Change PolicyIn the past, it was common for systems to require users to change passwords frequently. As this interrupts the flow of a user's task they are more likely to choose a weak password as they are motivated to continue.
|Overview: Password Paradox|
When a password policy intended to strengthen security ends up encouraging users to write passwords down, reuse passwords or choose weak passwords.