Password Requirements: Myths and Madness

[_dain_]

Across the pond, there is also the NCSC password guidance. It's better than linking to some obscure paragraph in a standards document; it's written in plain English, aimed at the layman, and explains exactly why the old doctrines are bad:

https://www.ncsc.gov.uk/collection/passwords/updating-your-a...