Microsoft has 6 password rules is recommends for network administrators and some of them may surprise you.

  1. Keep it short! The company said it’s best to keep it short and stick with an 8-character minimum length. This goes against recent expert recommendations that passwords should be as long as possible.
  2. Don’t mix it up. Microsoft says people shouldn’t be required to use irregular characters like ! or & in passwords. It’s also not necessary to require numbers or mixing of upper and lower case.
  3. Forget about frequent resets. They say companies should not require frequent password resets for accounts. Why? The thinking is that it encourages people to use super-easy passwords or just come up with variations on the same theme.
  4. Ban common passwords. The company says this is one of the most important ways to keep accounts secure. Hackers are way more likely to guess passwords that lots of people use.
  5. Don’t use work passwords at home. Users should be discouraged from using the same passwords for multiple accounts. All a hacker has to do is get their hands on one password and they’re in everywhere.
  6. Enforce multi-factor authentication. This is the most important tip for both home and work. Requiring a second step to get into an account makes many hackers give up.

It seems the experts are always changing best password practices. Some of that is because hackers continually change their approach. Smart experts also learn from what actually works in the real world. Rules that are too difficult to follow just get ignored.