After the NIST passwords bombshell, we surveyed 2,600 IT professionals to find out how they were managing passwords. The answers show that IT pros are generally receptive to the passphrase concept proposed by NIST.
NIST Special Publication 800-63B, “Digital Identity Guidelines,” states: “Many attacks associated with the use of passwords are not affected by password complexity and length. Keystroke logging, phishing, and social engineering attacks are equally effective on lengthy, complex passwords as simple ones. This means that password complexity has failed in practice.” Verizon's latest Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords, supporting the NIST conclusion.