Password Recovery

Passwords that are difficult to remember will reduce the security of a system because

(a) users might need to write down or electronically store the password using an insecure method,

(b) users will need frequent password resets and

(c) users are more likely to re-use the same password.

Similarly, the more stringent requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system