546
NIST proposes barring some of the most nonsensical password rules
(arstechnica.com)
This is a most excellent place for technology news and articles.
It's crazy that they didn't include all the "should" items in that list. If you read the entire section, there's a critical element that's missing in the list, which is that new passwords should be checked against blocklists. Otherwise, if you combine 1, 5, and 6, you end up with people using "password" as their password, and keeping that forever. Really, really poor organization on their part. I'm already fighting this at work.