546
NIST proposes barring some of the most nonsensical password rules
(arstechnica.com)
This is a most excellent place for technology news and articles.
Eh, I think they should nag users to change their password proportional to how "strong" their password is. If you're barely meeting the minimum: reset every few months. If you're using a proper passphrase dozens of characters long: only reset if there's evidence of compromise.