Unlike previous guidance, this doesn’t focus on trying to get ever more entropy into passwords. Instead CESG are encouraging system designers and security architects to think more about where they’re requiring passwords, and what they’re trying to achieve with them. As Information Services have always recommended to users – a simple approach can greatly improve security, and doesn’t have to compromise usability.
Follow the link below for the full report and infographic:
https://www.gov.uk/government/publications/password-policy-simplifying-your-approach