I did, originally. And it's certainly in my vocab, and in my applications where applicable.

You're forgetting table salt.

> Consider that you are just practicing cargo-cult security though.

No, I really am not. But as I didn't describe my reasons, you don't have the context to understand them.

Frankly, if Netflix has 4-character passwords, I would expect it to be relatively easy to compromise their accounts live with a carefully put together campaign. If Netflix gets their username/pw database dumped, I expect we'll see their policy change as the passwords are trivially cracked.

Not only that, putting together a safe & sane password retry system isn't the easiest thing every, and doing careful fraud detection based on geolocation/ip etc isn't the easist thing ever either. Particularly when I don't have someone working full-time on security.

Further, what you also didn't know is that the password strength functions as written have knobs I can adjust if things are too onerous.

So having harder passwords goes a long way towards 'better security' on the account side for little effort.

I would advise you to be more cautious about making unsubstantiated statements based on ignorance in the future.

You piqued my curiosity, so I went looking. According to Know Your Meme, that most prestigious and reliable of sources, "derp" originated from Trey Parker and Matt Stone. First it was in a movie (where they were sniffing underwear), and then in South Park. Now, having not seen the episode, I can't really comment on its contents, but I assume that the character that first used the term in South Park was either simply stupid, or suffered from some form of disability. Either way, the term has since devolved into making fun of stupid people - which I believe the grandparent was also doing.