It looks like there’s finally hope for sane password policies. The US National Institue of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline. There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require […]