It’s a common belief that you need passwords that are minimum length and have a mix of capital, lowercase letters, numbers and symbols (like: $jfhT3@1Rlf!) and reset them every 3-4 months in order to be in-step with security best practices.
But those best practices are actually outdated, and the author of those rules actually backtracked on those recommendations.
The United States National Institute for Standards and Technology (NIST) has since released new guidelines that actually state the opposite of those old rules.
Here are the new best practices as outlined by new research and guidelines from NIST itself. [Read more…]