One system I use just changed their password policy. Previously, the only requirement was 6 digits. (e.g. 123456, 111111)
Now it's 8 digit, with no bigger then 3 digit sequence, and no pattern such as abab anywhere.
No clear rules but the following are invalid:
- 11111111
- 12345678
- 12393659 (because of ^123)
- 76768747 (because of ^7676)
- 11195712 (because of ^111)
Any way to calculate the difference in randomness? mainly, is the set now bigger or smaller?