Microsoft recently published a new password policy recommendation paper. Microsoft’s advice flies in the face of conventional wisdom on the subject of passwords. Traditional password recommendations call for passwords at least eight to 12 characters long, complexity that includes at least three different character sets (letters, lowercase, numbers, symbols, symbols) and the stipulation that passwords should be changed at least every 90 days. But over the last decade, hackers have changed the way they attack passwords, which are now in the minority.”]
Source: https://www.csoonline.com/article/3077473/the-days-of-long-complicated-passwords-are-over.html