The Best Password Advice Right Now

Ever since NIST submitted SP 800-63 Digital Identity Guidelines for review a few years ago, the computer security world has been debating the agency’s newest recommended password policies, which run starkly contrary to decades of previous advice.

In a nutshell, among other things, NIST now says that policies requiring long, complex, frequently changing passwords put users and their companies at greater risk: such policies increase the odds that people will reuse those hard-to-remember passwords across multiple, unrelated security domains, so a compromise of one domain can more easily lead to a compromise of every other domain where the same password is used.