Perhaps, but I've gone 15 years without a problem, so that might count for
The reality that I have to deal with truly isn't hackers coming in and
attempting to steal my client's inventory secrets, but the fact that
employees all tend to know each other's passwords, and when one gets fired,
no matter how insanely complex the requirements are, they would be able to
get into any account they knew the password to.
In the end, it is often a known person who causes the most damage. Whether
it is the $10/hr temp security guard who let anyone in, or the intern who
brags to his hacker friend about how inadequate a particular part of the
application might be, or the sales person who steals the client list on his
way out the door, or the webmaster who gets fired and later uses a back
door to spoof emails and wire money abroad.
I've had all of these happen to clients over the years, but I've only once
had a successful attack, and that was a SQL injection on a PHP system we
inherited. (Still should have seen it) over a decade ago.
Anyway, I suppose it's best to "know your enemy". Passwords are a pain in
the ass. My best recommendation is simply be slow about confirming and
only allow a few tries, oh, and at least 7 characters. ...then again, my
Yahoo password is still 4 digits. (Got it in 1999) I figure nobody is
going to try that!!