diff --git a/docs/security/passwords/passwords.md b/docs/security/passwords/passwords.md
index 534651a0c4466f19f28b1c9e16e5fe97318c09da..990e9071ec43a37045ef0c0519b657ed9a94fd3d 100644
--- a/docs/security/passwords/passwords.md
+++ b/docs/security/passwords/passwords.md
@@ -1,5 +1,22 @@
 # Passwords
 
+## Password policies
+
+[What's new - NIST Password Guidelines September 2024](https://www.oneadvanced.com/news-and-opinion/whats-new---nist-password-guidelines-september-2024/):
+
+> Additionally, the complexity requirements have changed from
+> requiring complexity to just focus on length.
+> This is because of common practices like capitalising
+> the first letter or adding a “1” or “!” to the end.
+
+[Password policy recommendations for Microsoft 365 passwords](https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#requiring-the-use-of-multiple-character-sets):
+
+> Forcing your users to choose a combination of upper, lower, digits,
+> special characters has a negative effect.
+> Some complexity requirements even prevent users from using secure and
+> memorable passwords, and force them into coming up with less secure and
+> less memorable passwords.
+
 ## Generate passwords
 
 ### With basic shell utils