In a former life, I was a system administrator for not only the PC repairs company I worked for, but a number of other clients as well. One of the main issues I had was deciding on password complexity and what kind of measures needed to be taken to protect passwords. I ended up not implementing policies like changing it every 30 days and not requiring special characters, because the reality is that complex passwords just aren’t that easy for the average human to memorise.
With the rise of AI now implementing patterning along with dictionary attacks, even previously “secure” passwords like “!1Q2w3E4R?” are not safe, because machines can easily crack them. Well, thanks to a new password policy standard from the National Institute of Standards and Technology (NIST), we can all start implementing passwords that are actually secure, instead of passwords that are easily cracked using brute force methods.