NIST has published new standards for digital identities. Highlights, via Bruce Schneier, for passwords:

  1. No password rules! Use pass phrases.
  2. Don't expire passwords.
  3. Allow password managers.

I have written about this before, where I said my personal pet peeve was forced password expiration (#2). I hope organizations start using the new standards quickly!