From 09f5afbc39fa9c099bf4d3c13621abbd53557b29 Mon Sep 17 00:00:00 2001
From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Date: Thu, 26 Sep 2024 14:57:07 -1000
Subject: [PATCH] SFI:ROPC metadata (#33726)

* SFI:ROPC metadata

I think we should standardize on ROPC hits that have been fixed.

* Update aspnetcore/security/authorization/secure-data.md

Co-authored-by: Tom Dykstra <tdykstra@microsoft.com>

* Update aspnetcore/security/authorization/secure-data.md

* Update aspnetcore/security/authorization/secure-data.md

---------

Co-authored-by: Tom Dykstra <tdykstra@microsoft.com>
---
 aspnetcore/security/authorization/secure-data.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/aspnetcore/security/authorization/secure-data.md b/aspnetcore/security/authorization/secure-data.md
index 53cb0d3aab..0c3ab2a659 100644
--- a/aspnetcore/security/authorization/secure-data.md
+++ b/aspnetcore/security/authorization/secure-data.md
@@ -5,6 +5,7 @@ description: Learn how to create an ASP.NET Core web app with user data protecte
 ms.author: riande
 ms.date: 12/5/2021
 ms.custom: mvc
+ms.sfi.ropc: t
 uid: security/authorization/secure-data
 ---
 
@@ -293,7 +294,12 @@ In the preceding code:
 
 If you haven't already set a password for seeded user accounts, use the [Secret Manager tool](xref:security/app-secrets#secret-manager) to set a password:
 
-* Choose a strong password: Use eight or more characters and at least one upper-case character, number, and symbol.
+* Choose a [strong password](https://support.microsoft.com/en-us/windows/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb):
+  * At least 12 characters long but 14 or more is better.
+  * A combination of uppercase letters, lowercase letters, numbers, and symbols.
+  * Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
+  * Significantly different from your previous passwords.
+  * Easy for you to remember but difficult for others to guess. Consider using a memorable phrase like "6MonkeysRLooking^".
 * Execute the following command from the project's folder, where `<PW>` is the password:
 
   ```dotnetcli