Finally, Bill Burr (a former NIST employee) has stepped forward and accepted responsibility for those password complexity requirements that we all dislike.  This article in Gizmodo (based on an article in the Wall Street Journal) tells the story of how the original guidance on constructing secure passwords was developed by Burr, who had almost no knowledge of information security.  Now retired, Burr has come to realize that the guidance he introduced is less than effective despite being widely adopted in businesses today.

But what should we do?  Well, NIST now suggests adopting long “passphrases” rather than a completely random string of letters, numbers, and special characters; however, few applications or IT departments have completely abandoned the old guidance.  But at least now we know who to blame for our password woes every 90 days, and that he’s sorry for the pain he has caused.
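As an added illustration (not part of the original post or of NIST's own material), the Python below puts the two approaches side by side: a composition-rule check of the kind the post blames Burr for, a length-based check in the spirit of the revised guidance (minimum length, no character-class rules, rejection of known-breached passwords), and the entropy figures that explain why a passphrase wins. The `BREACHED_SAMPLE` list and the 64-character ceiling are constructed assumptions for the demo.

```python
import math
import re
from typing import Iterable

# Constructed sample of a breached-password list for the demo; a real
# deployment would screen against a large compromised-credential corpus.
BREACHED_SAMPLE = {"password", "p@ssw0rd1", "letmein", "qwerty123"}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: `length` symbols, each drawn from
    `alphabet_size` choices (for a passphrase, a word is the symbol)."""
    return length * math.log2(alphabet_size)


def old_policy_ok(pw: str) -> bool:
    """Composition rule: at least 8 characters and 3 of 4 character classes."""
    classes = [re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
               re.search(r"\d", pw), re.search(r"[^A-Za-z0-9]", pw)]
    return len(pw) >= 8 and sum(1 for c in classes if c) >= 3


def new_policy_ok(pw: str, breached: Iterable[str] = BREACHED_SAMPLE) -> bool:
    """Length-based rule: 8 to 64 characters (64 is an assumed ceiling), no
    composition rules, but reject anything on the breached list (case-insensitive)."""
    blocked = {b.lower() for b in breached}
    return 8 <= len(pw) <= 64 and pw.lower() not in blocked


if __name__ == "__main__":
    print(f"8 random printable-ASCII chars: {entropy_bits(95, 8):.1f} bits")
    print(f"5 words from a 7776-word list:  {entropy_bits(7776, 5):.1f} bits")
    for pw in ("P@ssw0rd1", "harbor lantern quiet velvet"):
        print(f"{pw!r}: old={old_policy_ok(pw)} new={new_policy_ok(pw)}")
```

Note that the composition rule happily accepts the breached `P@ssw0rd1` and rejects the far stronger four-word passphrase, which is exactly the mismatch the post describes.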

via Gizmodo