The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time
We’ve all been forced to do it: create a password with at least so many characters, so many numbers, so many special characters, and maybe an uppercase letter. Guess what? The guy who invented these standards nearly 15 years ago now admits that they’re basically useless. He is also very sorry.
The latest set of NIST guidelines recommends that people create long passphrases rather than gobbledygook words like the ones Bill thought were secure.
You're better off using rando ass passwords for every.single.account. and then a strong passphrase for however you secure them (unless you have wicked memory powers and can remember the phrases for a bunch of sites!).