Getting Rid of Complex Passwords

If you’ve ever thought that modern password requirements were needlessly complex and even less secure than coming up with your own passwords, then you’re in good company.

NIST, the National Institute of Standards and Technology, released a preview of their new digital authentication guidelines, and you can expect these recommendations to filter down to websites and applications you use on a daily basis. Here’s a summary…


At least 8 letters, but no limits.

The specifications state that maximum password length limitations will need to be at least 64 characters long.


You’ll be free to use any letter, number, or Unicode symbol they like, including emoji. ?

Passwords will be checked against a bad list.

At least 100,000 bad passwords will be in these lists, including “Password123” “wordPass123” and “ChangeMe.”

You won’t be told what to do.

Half-page instructions telling you how to make a complex password will go away, and you’ll only get a warning if it’s too easy to guess.

You will be encouraged to use long phrases, as passwords like “CloudHorse55Banjo” tend to be far more secure and memorable than short but complex passwords such as “P@s$W0rd!

The problem with requiring specific rules about letters, numbers, and capitalization, is that many people will cope with these restrictions by writing the password down on a note and taping it to the monitor.

No more password hints.

… because it’s almost as bad as taping your password to the screen.

Visit NIST SP 800-63-3 for more information.

If you’re looking to go beyond passwords, RWA can enable 2-factor authentication for your business over Windows 10, Office 365, and Azure AD. As a Certified Microsoft Partner, we’re ready to support you in your journey to the cloud and beyond. Contact us today for more information on our latest service offerings.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *