NIST recommendation: remove periodic password change requirements

Mattias Geniar, May 04, 2017

This is good news for anyone implementing, creating or maintaining ISO policies. The fact that this new recommendation comes from NIST (National Institute of Standards and Technology) means it can give you the ammo you need to defend this new password policy.

**Remove periodic password change requirements**

This is one that legions of corporate employees forced to create a new password every month will surely be happy about. There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, but the industry has doggedly held on to the practice.

Hopefully, these new recommendations will change that.

Source: Surprising New Password Guidelines from NIST – PasswordPing