In 2017, the U.S. National Institute of Standards and Technology (NIST) issued a special publication that represented a shift, perhaps controversially, in the management of passwords for the U.S. Federal Government. Although the guidelines are not binding on us here in Australia, NIST advisories remain highly influential for technology related matters. The guidelines provided a number of mandates including: password lengths should be increased to up to 64 characters; password hints should not be allowed; and password reset options such as “What was the name of your first pet?” should not be allowed. Perhaps the two most controversial recommendations were that: passwords...