Perhaps the thing that annoys me the most when I hear security being shared with end users is when they get the information wrong or overemphasis on things they don’t understand or can’t support. This is the problem in the way we communicate, especially in the WordPress community. This is applicable to all communities though, regardless of platform.
To be clear, in case the title was misleading, this sentiment is wrong and we should do a better job at communicating security.
It All Lies Within the World of Passwords
Most of the nonsense I hear around this comes from folks with a very small perspective into the world of security, and as of late seems to stem from the access control guys (those that are fighting the password game).