Naive password complexity requirements

Published: Apr 13, 2021
Apr 2021

Password policies are a standard default for many organizations today. However, we're still seeing organizations requiring passwords to include a variety of symbols, numbers, uppercase and lowercase letters as well as inclusion of special characters. These are naive password complexity requirements that lead to a false sense of security as users will opt for more insecure passwords because the alternative is difficult to remember and type. According to NIST recommendations, the primary factor in password strength is password length, and therefore users should choose long passphrases with a maximum requirement of 64 characters (including spaces). These passphrases are more secure and memorable.