I always wondered if there was any evidence that strong passwords (i.e. no dictionary words, include numbers, different cases and symbols and change frequently with no repeats) for computer systems are really necessary. The theory is that you need a password that cannot be broken by multiple guesses. However, I’d like to know how many systems are actually broken into using a brute force attack. My guess is that break ins occur using other means, like stealing passwords with spywear. This article in the New York Times confirms my suspicions that we could make password selection much less onerous on the user without sacrificing security.