NIST 800-63B Digital Identity Guidelines
Please update the password requirements to match both those of NIST 800-63B Digital Identity Guidelines and those suggested by Microsoft https://www.microsoft.com/en-us/research/publication/password-guidance/.
Also the ability to build a password blacklist.
We’re well aware of the NIST 800-63B guidelines (and it’s my team that wrote that password whitepaper!). We’re currently making some foundational changes that should subsequently let us implement many or most of the password composition guidelines.
As for a password blacklist, today we have a banned password list in place that prevents users from using known-bad words, phrases, and passwords. We also have a custom list feature that lets you define your own words and patterns. That’s in private preview today and we’re working to get it to public preview over the next few months.