Let me narrate a small story here to show you how a server administrator and an Information Security Officer (ISO) of an organization struggle to protect organization assets.
ISO of the organization has the password policy written and it says that the user password should be
• minimum of 8 characters long
• password lock-out at 3 failed attempts
• expires once in every 45 days
• Should be a combination of uppercase, alpha-numeric and special characters
Policy handed over to the server administrator and it has been implemented across the organization.