fighting the lack of good ideas

a semi-permanent psa on passwords

Passwords should never expire:

Passwords should not be changed often:

Password “complexity” is – mostly – a joke:

You have been breached:

Passphrases are better than passwords – and will generate them for you (it will also generate random passwords that pass complexity requirements)

Use a password manager of some kind

on entropy, password/passphrase complexity, and if you’ve been part of a data breach (spoiler alert: you have)

I wrote an article on passwords, passphrases, entropy, and data breaches for my employer’s blog: