A password policy designed for federal agencies must be secure, right? Surprisingly, that hasn’t been the case, according to the National Institute of Standards and Technology (NIST). NIST created many of the password best practices you probably loathe (the combination of letters, numbers, and special characters), but it now says those guidelines were misguided and has changed its stance on the matter.
In 2003, a manager at NIST authored a document on password best practices for businesses, federal agencies, and academic institutions. Now retired, the author admits that his document was misguided.