Explaination
NIST SP 800 63B password guidelines suggest that user account passwords should be at least 8 characters, and that temporary passwords (that must be changed at next logon) should be at least 6 characters. The characters should be derived from the set of 95 printable ASCII characters (as defined in
IETF RFC 20). Extrapolating these requirements indicates that a randomly generated user password should be based on a model that results in 95
8, or 6.63 ×10
15 possible combinations. (Likewise, the possible combinations for a temporary password should be at least 7.35 ×10
11.)