Switch from complex passwords to passphrases. Focus on length over complexity for stronger security. Memorable passphrases reduce resets and improve defense against attacks. Implement clear guidelines for users: 3-4 unrelated words with a separator. Update password policies to support this approach, ensuring longer minimums and blocking compromised credentials. Monitor adoption and user feedback. While not a complete solution, passphrases enhance security when combined with other methods like MFA.
https://thehackernews.com/2025/10/why-you-should-swap-passwords-for.html

