NIST proposes barring some of the most nonsensical password rules

The National Institute of Standards and Technology (NIST) has recommended simplifying password requirements. The federal body proposed barring certain requirements, such as periodic resets, restricting use of particular characters and security questions. In new guidelines, the entity recommends passwords contain a minimum of eight characters, and advises that factors such as the use of a mixture of various character types not be enforced, though an organisation could insist on a password being changed if a breach were suspected.