Bad password advice makes passwords weaker

Unfortunately, a lot of password advice sounds reasonable, but needs context to be helpful. This post has some clarifications of some ubiquitous password myths, such as complexity, change frequency and writing them down. "If the attackers have already intercepted the actual password through a phishing campaign, then it doesn't matter if the password is eight, 20, or 50 characters." --