This is an interesting (and a little provoking) post on Password Policy history, and mistakes made in the past we are still suffering from. To be read together with the new NIST SP 800-63 “Digital Identity Guidelines” draft (here) and the history of Password Policy and Password Security from 1979.