> The new guidelines recommend use of stronger authentication technologies that can resist phishing attacks, such as passkeys, which allow you to log in without passwords, typically just using your fingerprint or your face. The institute also suggests that websites add block lists of compromised and commonly used passwords that will prevent users from choosing vulnerable options. And companies are now required to let users employ password managers, a move that was previously only recommended by NIST.<p>Good to hear that they're doing some useful things rather than just cutting out old useless or counter-productive ideas.<p>> Whether users are using password managers or creating their own passwords, the institute wants systems to allow users to move beyond exclamation points and dollar signs. The guidelines recommend accepting all standard keyboard characters, including spaces, brackets, quotation marks and even characters like emojis.<p>Although this one is pretty useless. Password length is by far the most important factor and broadening the character set isn't likely to make it easier to remember a long password.