So NIST recently changed their best practice guidelines for passwords. You know how you get systems that won’t let you use things like spaces or strings above 16 characters or make you rotate passwords every 30 days or insist you include x number of capital letters and y number of special characters? Yeah. Well, they have sucky password rules and now NIST is here to sort them out.
Though my favorite of the new recommendations is the “no banned characters” rule. So now you really can use, say, the plot of Paranormal Activity (??????) as your password.[1]
[1] Except don’t use that; it’s probably already in a rainbow table somewhere.
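To make the contrast concrete, here is an added example (not from the original post or from NIST) that runs the same passwords through the old-style rules listed above and through a check in the spirit of the new guidance: length bounds and a blocklist lookup, with no character rules. The 8-character floor and 64-character allowance are taken from SP 800-63B as published in 2017, not from the post; the function names, blocklist and sample passwords are constructed for illustration.

```python
import re
import unicodedata

MIN_LENGTH = 8    # SP 800-63B floor for user-chosen passwords (assumption: 2017 text)
MAX_LENGTH = 64   # verifiers should permit at least this many; a higher cap is fine
# Constructed sample blocklist; a real one holds millions of breached passwords.
BLOCKLIST = {"password", "passw0rd!", "123456789", "qwertyuiop"}


def legacy_policy(pw):
    """Old-style composition rules the post complains about; returns failures."""
    problems = []
    if len(pw) > 16:
        problems.append("longer than 16 characters")
    if " " in pw:
        problems.append("contains a space")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9 ]", pw):
        problems.append("no special character")
    return problems


def nist_style_policy(pw, blocklist=BLOCKLIST):
    """Length bounds plus a blocklist lookup; no character-class or charset rules."""
    pw = unicodedata.normalize("NFKC", pw)  # stable form for Unicode input
    problems = []
    if len(pw) < MIN_LENGTH:  # len() counts code points, so one emoji is one character
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(pw) > MAX_LENGTH:
        problems.append("longer than %d characters" % MAX_LENGTH)
    if pw.casefold() in blocklist:
        problems.append("appears on the blocklist")
    return problems


if __name__ == "__main__":
    samples = [
        "Passw0rd!",                    # satisfies every legacy rule, still guessable
        "purple kettle sings at dawn",  # constructed passphrase with spaces
        "\U0001F47B" * 8,               # constructed: eight ghost emoji
    ]
    for pw in samples:
        print(repr(pw), "| legacy:", legacy_policy(pw), "| nist-style:", nist_style_policy(pw))
```

The legacy rules pass `Passw0rd!` and reject the long passphrase on four counts; the newer check does the opposite, and the blocklist lookup is the part that catches a password somebody else has already collected.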