NIST released new standards for password security in June in their final version of the SP 600-83 docs. Federal agencies and contractors use NIST’s standards as guidelines on how to secure digital identities.
In 2003, NIST manager Bill Burr made up the now-infamous “best practices” for passwords, including complexity with regard to special characters, capitalization, numerals, and so on. He recently admitted to The Wall Street Journal that he regretted doing so, as his suggestions only increased user frustration while having little effect on security. The new NIST guidelines recommend using long passphrases instead of complex passwords.