Added reference to NIST password creation guidelines.

index.html

@@ -216,6 +216,14 @@ because all BitCoin nodes have a copy of the BitCoin Ledger, and an attacker
 <a href="https://umanovskis.se/blog/post/leaky-faucet/">could attempt password cracking your wallet</a>.
 
 
+<h3>FAQ: Should I add numbers or an exclamation point to my password?</h3>
+
+No, don't do that.  The short answer is than length makes your password more secure than special characters do.  But don't take it from me, <a href="https://www.engadget.com/2017-08-08-nist-new-password-guidelines.html">take it from the man who put us through password hell</a> and regrets every minute of it.
+</p>
+
+The NIST has since released new password creation guidelines in a document which is rather lengthly, <a href="https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/">but summarized nicely here</a>.
+
+
 <h3>"I can't believe you're sending passwords over the Internet!"</h3>
 
 <a href="dude-chill-just-chill.gif">Chill</a>.  I'm not.  Passwords are generated within your browser and do not leave it (unless you copy them out yourself).
@@ -226,8 +234,7 @@ because all BitCoin nodes have a copy of the BitCoin Ledger, and an attacker
 Yes, insofar as we're using the 
 <a href="https://developer.mozilla.org/en-US/docs/Web/API/RandomSource/getRandomValues">getRandomValues() function in Javascript</a>, 
 and you trust that your
-browser and computer have not been compromised or otherwise tampered with.  Keep in mind that a not-so-theoretical attack
-would be for an attacker to compromise the random number generator on your computer so that
+browser and computer have not been compromised or otherwise tampered with.  Keep in mind that a not-so-theoretical attack would be for an attacker to compromise the random number generator on your computer so that
 anything that is encrypted (or passkeys generated) would be suspectible to less intense cryptoanalysis.