[What's new - NIST Password Guidelines September 2024](https://www.oneadvanced.com/news-and-opinion/whats-new---nist-password-guidelines-september-2024/):
> Additionally, the complexity requirements have changed from
> requiring complexity to just focus on length.
> This is because of common practices like capitalising
> the first letter or adding a “1” or “!” to the end.
[Password policy recommendations for Microsoft 365 passwords](https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#requiring-the-use-of-multiple-character-sets):
> Forcing your users to choose a combination of upper, lower, digits,
> special characters has a negative effect.
> Some complexity requirements even prevent users from using secure and
> memorable passwords, and force them into coming up with less secure and
