As a consultant I’m frequently confronted with strange password policies. Every company I visit has different password rules with different expiration windows and so on. Although a password manager helps me to keep my sanity, I have a hard time understanding some of the multipage password rules that customers are using. But ok, if it makes our systems more secure, it’s a burden I’m willing to carry. Unfortunately there is enough research available that shows that most of these rules make no sense and doesn’t help to improve security at all… So reading the following post( https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ ) about NIST(the United States National Institute for Standards and Technology) and the new guidelines for password policies they published made me happy. An extract of some of the rules: A minimum of 8 characters. Allow at least a maximum of 64 characters(I hate it when I cannot use passphrases) No compositi...