Skip to content
Search

Latest Stories

Add Upworthy to your Google News feed.
Google News Button

For years, we've been told that long, complicated passwords—filled with random letters, numbers, and special characters—are the key to keeping our accounts secure. But new guidelines from the U.S. National Institute of Standards and Technology (NIST) suggest that this approach is outdated—and may actually make you less safe.

Instead of hard-to-remember combinations, experts now recommend using simpler, more memorable passwords that don’t require frequent changes, according to QBE European Operations.


media1.tenor.com

Why complicated passwords are no longer the best defense

For decades, security policies have pushed users to create unique passwords and update them regularly—often every 60 to 90 days. But according to NIST’s updated SP 800-63-4 guidelines, this method is no longer considered best practice, reported Sprinto.

Instead, NIST suggests:
Updating passwords only when necessary (such as after a security breach).
Avoiding frequent password resets unless there's evidence of compromise.
Focusing on length rather than complexity—long, memorable phrases are better than short, difficult-to-remember ones.

Representative Image Source: Pexels | Mikhail Nilov

The hidden dangers of overly complex passwords

When passwords become too difficult to remember, people tend to:
🔹 Write them down on sticky notes or in their phone’s notes app.
🔹 Reuse them across multiple sites.
🔹 Store them in browsers or password managers, which can become security risks themselves.

"If a password is too complicated, users are more likely to store it somewhere unsafe," NIST notes.

Hackers often exploit this by targeting saved credentials, making overly complex passwords a liability rather than a strength.


What makes a strong password today?

Instead of complex combinations like Xf9#jS*2!, NIST now recommends using:
A short sentence or a string of random words (e.g., "BlueElephantSky99")
Passwords between 8 and 15 characters
Minimal use of special characters or uppercase letters

NIST’s research found that longer, simple passwords are harder for attackers to guess than shorter, overly complex ones.

Representative Image Source: Pexels | Tima Miroshnichenko

What about businesses requiring frequent password changes?

Many organizations still require employees to update their passwords every few months. However, NIST’s Digital Identity Guidelines state that these frequent resets are unnecessary and ineffective.

"The latest changes incorporate real-world security risks and acknowledge that forced password changes do not significantly improve security," NIST explains.

Instead, the agency urges businesses to:
Allow employees to keep passwords longer unless a breach is suspected.
Encourage passphrases instead of short, complicated passwords.
Implement two-factor authentication (2FA) for added protection.

media.giphy.com

Should you change your password habits?

NIST’s updated guidance challenges traditional cybersecurity rules, but its recommendations are based on real-world data from compromised password databases.

As cyber threats continue to evolve, security experts agree:
Password complexity is less important than length.
Frequent password resets are unnecessary.
Memorable passphrases are better than random characters.

If your workplace or online accounts still enforce outdated password policies, it may be time to push for updated security measures that align with the latest research.

More For You

Widow keeps entire inheritance while stepdaughter faces eviction. She just got a reality check.
Representative Cover Image Source: Pexels | Mikhail Nilov; Reddit | u/Spiritual_Alps3413

Widow keeps entire inheritance while stepdaughter faces eviction. She just got a reality check.

Inheritance disputes often lead to heated debates, especially when a family is divided. One woman recently sparked outrage after revealing that she inherited her late husband’s entire estate—nearly a million dollars—without leaving anything for his 16-year-old daughter from a previous relationship.

Posting on Reddit as u/Spiritual_Alps3413, the widow asked if she was wrong for keeping everything while her stepdaughter and her mother struggled to survive.

Keep ReadingShow less
Man cancels wedding after fiancée refuses to include his daughter
Representative Cover Image Source: Pexels | TranStudios Photography & Video; Reddit | u/whoevenisthat5

Man cancels wedding after fiancée refuses to include his daughter

A wedding is supposed to be a celebration of love and family, but for one man, it became the breaking point in his relationship. Reddit user u/whoevenisthat5 shared how he was forced to call off his engagement after his fiancée refused to include his 11-year-old daughter in their wedding.

At first, he thought it was just a disagreement over wedding roles—but when he found out her real reason for wanting to leave his daughter out, he realized there was no future for them.

Keep ReadingShow less
9-year-old with autism stuns the world with an IQ higher than Einstein
Cover Image Source: Instagram/Adhara Maite Pérez Sánchez

9-year-old with autism stuns the world with an IQ higher than Einstein

At just 9 years old, Adhara Pérez Sánchez has achieved what most people can’t even imagine. The Mexico City native has an IQ of 162—higher than Albert Einstein and Stephen Hawking, who were both estimated to have IQs of 160, according to PEOPLE.

Despite facing relentless bullying due to her autism diagnosis, Pérez has not only graduated high school but is also pursuing two college degrees in systems engineering and mathematics.

Keep ReadingShow less
Teacher unleashes glorious payback against school after forced to pay for class trip himself
Representative image by Canva

Teacher unleashes glorious payback against school after forced to pay for class trip himself

School excursions often provide unforgettable experiences and bonding opportunities for students, but for teachers, they can be loaded with logistical headaches. So when a teacher was asked to single-handedly finance a field trip—with zero compensation—Reddit user u/Unfunded_Teacher took to the platform to vent about this bizarre demand.

Representative photo by Pexels | Anny Patterson

Keep ReadingShow less
The shopping cart test: the viral theory that claims to reveal who’s a “good” person
Representative photo by Joshua Rawson-Harris | Unsplash

The shopping cart test: the viral theory that claims to reveal who’s a “good” person

A simple decision at the grocery store—returning a shopping cart or leaving it in the parking lot—might say more about your personality than you realize. According to a viral theory, this everyday action is actually a litmus test for self-governance and social responsibility.

The idea, originally posted on 4chan, suggests that putting a cart back in its designated place is a sign of good character. Unlike other social norms, there are no immediate consequences for abandoning a cart, making it a pure test of whether someone will do the right thing without being forced.

Keep ReadingShow less