You’ll be happy to know that standards bodies have noticed the “entropy reduction from excessive rules” problem. The latest version of NIST Special Publication 800-63B says to disallow four password categories like “already in a breach database” and “aaaaa,” but goes on to direct verifiers to not impose any other rules on password composition.
As for me, I just choose the first four digits of the busy beaver numbers--1621--as my PIN. As a noncomputable number, it’s guaranteed to be the most random choice possible.
You’ll be happy to know that standards bodies have noticed the “entropy reduction from excessive rules” problem. The latest version of NIST Special Publication 800-63B says to disallow four password categories like “already in a breach database” and “aaaaa,” but goes on to direct verifiers to not impose any other rules on password composition.
As for me, I just choose the first four digits of the busy beaver numbers--1621--as my PIN. As a noncomputable number, it’s guaranteed to be the most random choice possible.