New Government Password Creation Guidance
The National Institute of Standards and Technology (NIST) has provided new recommendations on passwords that might seem like a complete 180 from what we’ve always been advised. No more random letters and numbers; think more about phrases.
It is now advised that passwords should be simple for the user to remember, but long, so phrases and full words will work the best. Random passwords can actually be easier for thieves to discover, while simultaneously being difficult for the user to remember.
NIST also eliminated the suggestion to rotate passwords regularly. This seems counter-intuitive, but it is based on the assumption that most users don’t actually change their password entirely, only a character or two, so regular rotation does not boost protection.