I would urge everyone here to read the following articles re: password strength. I realize for some it may be a regulatory requirement but “complexity rules” do not improve your security posture. Complexity rules lead users directly to predictable (exploitable) patterns of behaviour. If your own security teams are advocating complexity rules then try to educate them on this. There’s plenty of evidence out there to support arguing against “strong password policy”.
1 Like