30.11.2020: Updated with the new patchseries and instructions for Windows
02.12.2020: Added tweaks
08.12.2020: Updated with patchseries v4
31.01.2020: Updated with patchseries v6
Below links provide source, reference link and relevant quote
https://github.com/usnistgov/800-63-3/blob/nist-pages/sp800-63b/sec5_authenticators.md
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from