On 18/12/2016 16:54, ilf wrote: > Websites that impose such complexity requirements are not following > the NIST Digital Authentication Guidelines: Absolutely: there is no sense in them at all. That doesn't stop sites having stupid requirements, and no one algorithm will meet all the stupid requirements at once.