Posts on password entropy, passphrase math, password-storage hashing, and the threat models that drive each.https://password.tooljo.com/en-ushttps://password.tooljo.com/blog/why-password-rules-make-things-worse/https://password.tooljo.com/blog/why-password-rules-make-things-worse/Forcing a number, symbol, capital letter, and 90-day rotation produces 'P@ssw0rd1!' updated to 'P@ssw0rd2!' — same password, lower entropy. NIST changed its mind in 2017. Here's why most policies haven't caught up.Tue, 28 Apr 2026 00:00:00 GMT