Here is the text of the NIST sp800-63b Digital Identity Guidelines.
18 points
*
2 points
*
4 points
I would always just create 1 password and append a number and it’s special char, cycling from 1 to 0; like 1!
, 2@
, 3
. Never stayed at a place long enough to go higher than 7 or 8.
I never gave a fuck about doing this because it’s the companies fault for applying stupid policies. Whenever I’ve been allowed a password manager, they got real security instead of malicious compliance.