From 1b0c85a270315b95f9ebde1f411fbe6f507cde3e Mon Sep 17 00:00:00 2001
From: "T. Hinrichsmeyer" <t.hinrichsmeyer@ndr.de>
Date: Wed, 26 Feb 2025 12:20:45 +0100
Subject: [PATCH] passwords

---
 docs/security/passwords/passwords.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/security/passwords/passwords.md b/docs/security/passwords/passwords.md
index 534651a..990e907 100644
--- a/docs/security/passwords/passwords.md
+++ b/docs/security/passwords/passwords.md
@@ -1,5 +1,22 @@
 # Passwords
 
+## Password policies
+
+[What's new - NIST Password Guidelines September 2024](https://www.oneadvanced.com/news-and-opinion/whats-new---nist-password-guidelines-september-2024/):
+
+> Additionally, the complexity requirements have changed from
+> requiring complexity to just focus on length.
+> This is because of common practices like capitalising
+> the first letter or adding a “1” or “!” to the end.
+
+[Password policy recommendations for Microsoft 365 passwords](https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#requiring-the-use-of-multiple-character-sets):
+
+> Forcing your users to choose a combination of upper, lower, digits,
+> special characters has a negative effect.
+> Some complexity requirements even prevent users from using secure and
+> memorable passwords, and force them into coming up with less secure and
+> less memorable passwords.
+
 ## Generate passwords
 
 ### With basic shell utils
-- 
GitLab