If you’ve ever watched The Truman Show or The Matrix, then you’re already familiar with the allegory of Plato’s cave.
If Plato’s Cave doesn’t ring any bells: imagine you’ve been shackled in a dark cave since the day you were born. You’re tied up in such a way that you can only look straight at a wall the whole day. Behind you is a fire that casts shadows on the wall from figures you’ll never observe directly.
Yes, Plato’s Cave is a cruel and damning place. You definitely don’t want to be born there.
You’ve never seen anything but the wall in front of you. You attach value and meaning to the shadows you see pass by every day, and treat them as the real world. The shadows you observe are real and shape your reality, but they’re not the real thing itself.
As a Product Manager, you must be effective at dealing with the shadows of Plato’s cave, because you will encounter shadows every single day that may appear as reality.
You must treat every requirement as a shadow, an incomplete and possibly inaccurate approximation of reality, and not necessarily the real thing.
All requirements are attempts at approximating reality shaped by the boundaries of what we know and understand. In fact, they’re often shaped and molded by the boundaries and experiences of others before they even come your way.
You don’t even observe the shadow, but the shadow of the shadow, as expressed in imperfect sentences and words by someone else who claimed to have seen the shadow.
Requirements are echoes of reality that frequently appear more real than they actually are.
We often don’t test requirements against the raw inputs of reality, and hence we end up with nonsensical requirements. A good example of where we frequently stumble on weird requirements is the realm of password requirements.
Password Requirements Are Often Shadows of the Shadows of Reality
Most password requirements are usually a combination of one of the following factors:
Minimum length - usually 8 characters
Uppercase letters - at least one uppercase (A-Z) character
Lowercase letters - at least one lowercase (a-z) character
Number at least one digit (0 - 9)
At least one symbol (!,@,# etc.)
Almost every website has some mix of these different factors, because they are lazy and simply decide to replicate the shadows of others.
The biggest problem with these password requirements is that they actually make your password worse. Overly complex password rules, such as requiring uppercase, lowercase, numbers, and special character,s decrease overall security, because:
Users adopt predictable patterns to meet the password requirements, such as:
Capitalizing the first letter
Ending the password with ‘123’ or ‘123!’
Use substitutions e.g., substitute ‘A’ with ‘@’
As a result of the complex requirements, passwords become harder to remember:
People will begin writing down their passwords
They will use slight variations between different accounts (Password123 and Password123!)
The result of all these complex password requirements is the opposite of what we want to achieve: passwords with lower entropy. Entropy is a fancy word for saying that they’re less disorderly and more predictable. Which means they are easier to be cracked.
For this reason, NIST, the National Institute of Standards and Technology, recommends the following:
Prioritizing password length over complexity
Mandating compromised credential screening
Eliminating forced password resets unless a compromise is suspected
Encouraging passwordless authentication methods
NIST recommends much simpler and better password requirements than most companies use in 2025:
Minimum length of 8-character passwords and 15+ for accounts with elevated privileges
Password screening against compromised credential databases
However, the danger with these guidelines is that they are treated as absolute requirements to follow in any situation. They still are, at best, shadows of reality that may or may not help you achieve something in the real world.
A company like Netflix has much simpler password requirements:
Your password must be at least 6 characters
This is a deliberate choice, because what’s the worst that can happen if someone steals your password? They use your account, and screw up your recommendation algorithm because they fell asleep watching some movies you don’t like. (OK, I’m exaggerating, but you get my point).
What’s the best way of dealing with the shadows of reality?
Escape Your Cave and Explore
It’s easy to get stuck discussing shadows and waste time polishing them to perfection by hiding out in requirements documents.
To discover reality, you must be curious and explore. Leave the cave and try to move away from the shadows towards the light, and try to understand reality.
Instead of asking obvious questions like how it’s supposed to work, probe further: what are we trying to achieve and why is it important? What’s the world look like to the people who are using it? Expand the conversation beyond the shadow of a shadow you’ve been given.
Our desire for certainty, clarity, and control often prevents us from exploring and embracing the messy reality of the work.
It’s much easier and comfortable to create paper victory documents that create the illusion of exploration and knowing, by perfectly describing the shadows we see on our walls.
As Maria Popova has expressed much better:
“Question your maps and models of the universe, both inner and outer, and continually test them against the raw input of reality. Our maps are still maps, approximating the landscape of truth from the territories of the knowable — incomplete representational models that always leave more to map, more to fathom, because the selfsame forces that made the universe also made the figuring instrument with which we try to comprehend it.”
- Maria Popova, the Marginalian
Us fallible and imperfect humans, to some extent, will always be bound to the shadows of reality. We can frequently prevent having to deal with the shadows of the shadows of reality.
Escaping the shadows of the shadows of reality requires courage and asking questions with intent curiosity, which won’t always be appreciated as your questions might destroy the perceived fabric of reality, which can be highly uncomfortable for the observers of shadows.
Requirements are frequently even worse than being in Plato’s cave and watching shadows move on the walls. Requirements are not even shadows of reality. Requirements, at best, are the shadows of the shadows of reality.
If we want to escape Plato’s Cave of Requirements and deal with the reality of our work, throw out the paper victory requirements that satisfy our sweet tooth for the certainty, predictability, and the illusion of control.
"Plato's Cave of Requirements" = genius abbreviation.