NIST has published new standards for digital identities. Highlights, via [Bruce Schneier], for passwords:

1. No password rules! Use pass phrases.
2. Don't expire passwords.
3. Allow password managers.

I have written about this [before], where I said my personal pet peeve was forced password expiration (#2). I hope organizations start using the new standards quickly!

[before]: "I hate password rules"
[Bruce Schneier]: "Changes in Password Best Practices"