Update advice on strong password rules #4

Open
jag1g13 opened this issue Jun 1, 2020 · 3 comments
Comments

jag1g13 commented Jun 1, 2020

Copied from Slack message:

A comment on the advice provided on passwords though (the callout sourced from https://www.webopedia.com/TERM/S/strong_password.html):

Many security conscious organisations are now recommending against what was traditionally considered the good password style (the one used by that source) and are moving towards the XKCD-style passphrase, three or four random words, due to being easier to remember and harder to guess. NCSC in particular have been recommending it for a few years https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0.

Alternatively, machine generated passwords (https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#tip5-password-collection), but these rely on the users using a password manager and being comfortable with using it from the terminal (or copying the password across every time they need it) if used for SSH.

It's possible that some of the systems being used enforce traditional password rules and don't accept XKCD-style passwords, but this in general is a fault with the password policy which they should be encouraged to change.

There may obviously be constraints which mean the traditional password design is preferred in certain cases, but in general, the current advice should be to use passphrases made from random words e.g. https://preshing.com/20110811/xkcd-password-generator/
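An added example, not code from this issue or the project it concerns: a minimal XKCD-style passphrase generator in Python, with the entropy arithmetic behind the "harder to guess" claim above. The word list is a constructed toy list of 25 words (a real generator loads a large published list), the 7776-word and 94-symbol defaults in `compare` are assumptions for the comparison, and all figures assume words or characters are chosen uniformly at random.

```python
import math
import secrets

# Constructed toy word list for illustration only. A real generator loads a
# large published list with thousands of entries; the entropy figures below
# show why the size of the list matters.
WORDS = [
    "apple", "bridge", "candle", "dragon", "ember", "forest", "glacier",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pepper", "quartz", "river", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zephyr",
]


def passphrase(n_words=4, words=WORDS, sep="-"):
    """Join n_words words drawn uniformly with the OS CSPRNG (secrets), not random."""
    if n_words < 1:
        raise ValueError("need at least one word")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of a passphrase whose words are chosen uniformly from the list."""
    return n_words * math.log2(wordlist_size)


def char_password_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def compare(n_words=4, wordlist_size=7776, length=8, alphabet_size=94):
    """Compare a random-word passphrase with a traditional mixed-character password.

    Assumed defaults: a 7776-word (Diceware-sized) list versus 8 characters drawn
    from the 94 printable ASCII symbols. Both figures assume uniform random
    choice; a human-chosen password with predictable substitutions has far less
    entropy than the character-count figure suggests.
    """
    return {
        "passphrase_bits": passphrase_entropy_bits(n_words, wordlist_size),
        "password_bits": char_password_entropy_bits(length, alphabet_size),
    }


if __name__ == "__main__":
    print(passphrase())
    print(compare())
    # With only len(WORDS) words, four of them give under 20 bits: far too few.
    print(passphrase_entropy_bits(4, len(WORDS)))
```

Four words from a 7776-word list (about 51.7 bits) match an 8-character password drawn uniformly from all printable ASCII (about 52.4 bits) while being far easier to remember; the toy list here is only for demonstration, since four words from 25 give under 20 bits.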

james-grant1 commented Jun 2, 2020

Incorporated text and links almost as written, in new passwords episode to follow in PR for topic-#1

james-grant1 pushed a commit to james-grant1/security that referenced this issue Jun 2, 2020
@james-grant1
This has now been merged into master as part of the episode refactor if you could review.

jag1g13 commented Jun 3, 2020

I noticed two typos:

  • "Many meail providers" in the first paragraph
  • "passwords it typically" in the callout "Strong passwords"

But otherwise looks good to me - happy to call this closed
