The National Institute of Standards and Technology (NIST) has issued new guidelines regarding secure passwords. We at Madeira Networks have adopted these standards with some modifications. Below is a suggested algorithm or formula to a never-changing password and a happier end-user:
First, you never ever have to change your password unless:
1) In a rare circumstance, you have given your credentials to someone and now need to change your password;
2) You've been compromised or believe you've been compromised
Second, your complex password must be at least eleven characters and satisfy three of the four criteria:
4) Special Character
Third, promote non-dictionary passwords. Dictionary only passwords, for example Summer2019 will meet most password complexity policies, however dictionary passwords can be easily hacked. The American Dictionary has approximately 350,000 words and malicious software can cycle through these in minutes.
Last and most important use password "black-list" technology so you are able to black-list specific words or phrases. For example, Winter, Spring, Summer, Fall, Password...
Here are some examples of complex passwords that meet the above criteria.