Microsoft says mandatory password changing is “ancient and obsolete”

"11 character"

All the more reason to write the password on a Post-It note and stick it on the front of the monitor... :D

Nice find, ky!

That article is so spot on. Speaking personally, I have my bank which requires one long PW with uppercase, lowercase, numbers and symbols, plus 2nd factor authentication, which takes me about 30 seconds to log on. And the PW is permanent, unless I change it. The long PW is easy to memorize, because of the way I created it.

On the other hand, the several government departments and agencies I deal with invariably insist on monthly PW changes, and I do exactly what that article describes: change the PW by changing the last letter or number, and writing it down somewhere.

Requirements for frequent PW changes are not only less secure, they also decrease productivity, slow down the transformation of info, and increase irritation with the process. Which of course, is the actual intention of bureaucratic regulators ...

When it comes to security protocols, I trust my bank more than my public service.

"11 character"

It doesn't have to be a word, and/or mere gibberish... some people use pass-"phrases", that they find easy to remember.   For example (no, this is NOT mine):   ILoveMyDellXPS13

A good variation on pass phrases is to just take the first letter or number or symbol of an easily memorized phrase. For example, "The Toronto Blue Jays won the World Series  in 92 and 93!" translates to "TTBJwtWSi92a93!"  (not a PW I use, but one I would easily remember as a Blue Jay fan). Virtually unbreakable.

Or make a joke in another language: "Veni/vidi/vamoosed!" (I came, I saw, I ran away!) or use pig Latin combo.

I keep my passwords written down and located in a random position in my house, as backup. I don't trust PW manager software. It would take a break-in artist a long time to locate it.  Most of my PWs I can recall from memory, except for the ever changing Gov't PWs.