<i>Unlike previous guidance, this doesn't focus on trying to get ever more entropy into passwords. Instead we're encouraging system designers and security architects to think more about where they're requiring passwords, and what they're trying to achieve with them</i><p>Great from the system side. From the user end, however, I had a revelation when I realized that I need to make a distinction between strong passwords and disposable passwords. Much has been said already about strong passwords for keys, log-ins, encryption, but disposable ones for almost all websites? That are easy to remember? I've been using SuperGenPass[1] for that and have loved it.<p>[1] <a href="http://www.supergenpass.com/" rel="nofollow">http://www.supergenpass.com/</a>
Finally someone with credibility who states that regular password changes are pointless, and may even reduce security. It's even backed by scientific publications from Microsoft.