People rely on email to do a wide array of tasks. We use it to sign up for websites, apply for jobs, make payments, get in touch with friends and family, and many more. However, email is also commonly exploited by hackers to steal information or launch malware attacks.

A password policy designed for federal agencies must be secure, right? Surprisingly, that hasn’t been the case, according to the National Institute of Standards and Technology (NIST). The NIST created many of the password best practices you probably loathe — the combination of letters, numbers, and special characters — but it now says those guidelines were misguided and has changed its stance on the matter.

Last year, the National Institute of Standards and Technology removed SMS two-factor authentication from its list of preferred authentication methods. Since then, Google has encouraged users to use prompts-based 2-Step Verification (2-SV) methods instead.