NIST proposes barring some of the most nonsensical password rules
Proposed guidelines aim to inject badly needed common sense into password hygiene.
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
Yep.
At my last job as an armed and unarmed security guard, we had to change our passwords every 60 days, with all kinds of these stupid rules.
I asked the IT Dept. what the most used passwords were, and he said: some weird variant of "tthis Damn328$)ITdeptsucks."