This guidance contains advice for system owners responsible for determining password policy. It is not intended to protect high value individuals using public services.

It advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords.

More specifically, this document will help you to: