The National Institute of Standards and Technology (NIST) has issued new guidelines regarding secure passwords. We at Madeira Networks have adopted these standards with some modifications. Below is a suggested algorithm or formula for a never-changing password and a happier end user:
First, you never ever have to change your password unless: 1) in a rare circumstance, you have given your credentials to someone and now need to change your password; or 2) you've been compromised or believe you've been compromised.
Second, your complex password must be at least eleven characters and satisfy three of the four criteria: 1) uppercase, 2) lowercase, 3) number, 4) special character.
Third, promote non-dictionary passwords. Dictionary-only passwords, for example Summer2019, will meet most password complexity policies; however, dictionary passwords can be easily hacked. The American Dictionary has over 1 million words, and malicious software can cycle through these in minutes.
Last and most important, use password "black-list" technology so you are able to black-list specific words or phrases, for example: Winter, Spring, Summer, Fall, Password...
Here are some examples of complex passwords that meet the above criteria:
Carb0HiH20!!
Trave!2Tr@velFar#
Bik3RiiderHar$
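The three rules above (length, three of four character classes, black-list) can be checked together. The following is an added example, not Madeira Networks' own code; the function names are hypothetical, and the case-insensitive substring match against the black-list is an assumption about how such a filter would work.

```python
import string

# Black-list words are the ones named in the post; extend per organization.
BLACKLIST = ("winter", "spring", "summer", "fall", "password")
MIN_LENGTH = 11   # "at least eleven characters"
MIN_CLASSES = 3   # "three of the four criteria"


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("uppercase")
        elif ch.islower():
            classes.add("lowercase")
        elif ch.isdigit():
            classes.add("number")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def check_password(password, blacklist=BLACKLIST):
    """Return a list of policy violations; an empty list means it passes."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("too short")
    if len(character_classes(password)) < MIN_CLASSES:
        violations.append("too few character classes")
    # Assumption: a black-listed word anywhere in the password is a hit,
    # regardless of case.
    lowered = password.lower()
    hits = [word for word in blacklist if word in lowered]
    if hits:
        violations.append("blacklisted: " + ", ".join(hits))
    return violations


if __name__ == "__main__":
    # Summer2019 and the three sample passwords come from the post;
    # Summer2019!! is constructed to show complexity rules alone passing.
    for candidate in ("Summer2019", "Summer2019!!", "Carb0HiH20!!",
                      "Trave!2Tr@velFar#", "Bik3RiiderHar$"):
        print(candidate, check_password(candidate) or "OK")
```

Padding Summer2019 to Summer2019!! satisfies the length and complexity rules, so only the black-list check rejects it.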