I thought people here would get a laugh from this. The company I work for instituted strict password policy (with expensive training) including all the standard restrictions. The one that struck me as odd is that no three letters can be contained in dictionary word. My first attempt at a password was: $!32a79Pr0meth@s789! I would consider a secure password but rejected because of met. IT told me it contains dictionary combination so is insecure. IT they told me to make your password up this way: $(3 letters one upper)(four digit year). eg $Dgu2010 I told him that was ridiculous advice. I manage 23 field guys, many with basic computer literacy. My guys on getting this advice: $Xxx2016 Where if you think about it what is the most easiest thing to remember (hint: there initials). I spoke to the higher ups and they insist it is secure and that my recommendation (diceware) is dumb because it contains dictionary words. Note that I work in a sensitive industry with SCADA controllers and the like. Am I missing something here?