Share911 follows current NIST recommendations regarding password strength and policies.
We realize that having a favorite password rejected is frustrating, and we hope this article can help. Using 2 or more words with a space between them is usually sufficient. Per NIST guidelines, we don't require mixing of different character types, nor do we require passwords to be changed periodically.
This summary of Section 5 of NIST's Digital Identity Guidelines publication outlines our requirements for a secure password:
- Minimum of 8 characters in length
- May not include any of the following:
  - Passwords obtained from previous breach corpuses.
  - Dictionary words.
  - Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
  - Context-specific words, such as the name of the service, the username, and derivatives thereof.
If a password is 8 characters long and is still being rejected, it means that the password was found in previous breach corpuses and should be considered unsafe.
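The checks listed above can be sketched as a validator. This is an added example, not Share911's own code: the function names, the run threshold of 4, the substitution table and the tiny constructed word lists are all assumptions, and "dictionary words" is treated as a whole-password match because multi-word phrases are the recommended form.

```python
import re

# Constructed sample data; a real deployment would load a full breach corpus and word list.
BREACHED = {"password1", "qwertyuiop", "letmein123"}
DICTIONARY = {"sunshine", "football", "elephant"}
MIN_LENGTH = 8
RUN = 4  # assumed threshold: 4+ identical or consecutive characters count as a run
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "@": "a", "$": "s"})


def normalize(text):
    """Lowercase, undo common substitutions, drop separators so derivatives still match."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def has_run(password, run=RUN):
    """True if any window of `run` characters is identical, ascending or descending."""
    s = password.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {0} or (steps in ({1}, {-1}) and window.isalnum()):
            return True
    return False


def check_password(password, username, service="Share911"):
    """Return the list of rules the candidate violates (empty list means accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than 8 characters")
    if password in BREACHED:
        reasons.append("found in breach corpus")
    if password.lower() in DICTIONARY:
        reasons.append("dictionary word")
    if has_run(password):
        reasons.append("repetitive or sequential characters")
    # Context terms: service name, full username, local part of an e-mail username.
    terms = {normalize(t) for t in (service, username, username.split("@")[0])}
    candidate = normalize(password)
    if any(len(t) >= 3 and t in candidate for t in terms):
        reasons.append("context-specific word")
    return reasons
```

Returning every violated rule, rather than stopping at the first, lets the sign-up form tell the user exactly why a password was rejected.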
This comic helps explain NIST's rationale for encouraging random common words over a mix of character types (upper, lower, number, special):
Source: https://xkcd.com/936/