I can't think of a set of rules to make passwords secure. It all feels like smokes and mirrors at this point. Are we going to have a blacklist of passwords that you can't use as passwords anymore (and require users to change password on next log in as we add new items to the blacklist)?
Otherwise, the more I read about these experts who can get 90% of a 16k password hash list figured out in a few hours, I can't think how MyAuntSally1 is any safer than donkey
Otherwise, the more I read about these experts who can get 90% of a 16k password hash list figured out in a few hours, I can't think how MyAuntSally1 is any safer than donkey