Today's big companies require 8 to 9 chars, at least one in caps, one number and one special char. Not too bad once we get into the concept and change our public accounts using same general rules. For example I may leave out special chars for public low impact sites, or adopt a common sub rule of the corporate rules. This makes them easier to remember. Also don't forget about expiring password to enforce change.
The original strong password recommendations made by Bill Burr back 2003 need to be tossed into molten lava.
Expiring passwords is a bad design that causes password fatigue in users. Ultimately users create Pa$$w0rd1, Pa$$w0rd2, Pa$$w0rd3. This causes more requests for password resets because they can't remember what they did, and doesn't actually improve security.
Today's big companies require 8 to 9 chars, at least one in caps, one number and one special char. Not too bad once we get into the concept and change our public accounts using same general rules. For example I may leave out special chars for public low impact sites, or adopt a common sub rule of the corporate rules. This makes them easier to remember. Also don't forget about expiring password to enforce change.
The original strong password recommendations made by Bill Burr back 2003 need to be tossed into molten lava.
Expiring passwords is a bad design that causes password fatigue in users. Ultimately users create Pa$$w0rd1, Pa$$w0rd2, Pa$$w0rd3. This causes more requests for password resets because they can't remember what they did, and doesn't actually improve security.
Microsoft actually stopped expiring passwords in Windows 10
zdnet.com/article/microsoft-says-w...