NIST's updated guidelines aim to improve password security by moving away from outdated practices like mandatory complexity requirements and periodic changes, which have proven to be ineffective and burdensome for users. The new recommendations encourage the use of longer passphrases, at least 15 characters, which are easier for humans to remember but harder for machines to crack. NIST also suggests embracing the full character set, including ASCII and Unicode characters, to offer more user choice and flexibility. The guidelines highlight the importance of keeping passwords unchanged unless there is evidence of compromise and advocate for biometric authentication methods like passkeys to reduce reliance on passwords. Despite these advancements, the challenge remains in encouraging organizations to adopt these guidelines, as many still cling to old practices. The update reflects a shift towards more user-friendly and realistic security measures, acknowledging the persistent vulnerabilities of password-based systems.
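The policy shift described above, as an added example (not NIST's or any vendor's code): a constructed legacy composition-and-expiry check beside a length-first check that accepts any ASCII or Unicode character and requires a change only on evidence of compromise. The function names, the legacy thresholds, the sample passwords, and the use of NFKC normalization with code-point counting are assumptions of this sketch, not details stated in the text.

```python
import re
import unicodedata

MIN_LENGTH = 15  # minimum passphrase length stated in the text above

def legacy_policy_accepts(password: str) -> bool:
    """Constructed 'before' policy: 8+ ASCII chars with forced character classes."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return (password.isascii() and len(password) >= 8
            and all(re.search(c, password) for c in classes))

def normalized_length(password: str) -> int:
    """Length in Unicode code points after NFKC normalization (assumption).

    Normalizing first means a passphrase typed with composed or decomposed
    accents counts, and later hashes, the same way on every device.
    """
    return len(unicodedata.normalize("NFKC", password))

def length_policy_accepts(password: str) -> bool:
    """Length-first policy: any ASCII or Unicode character, no composition rules."""
    return normalized_length(password) >= MIN_LENGTH

def rotation_required(age_days: int, compromised: bool, max_age_days=None) -> bool:
    """max_age_days set -> legacy periodic expiry; None -> change only on compromise."""
    if compromised:
        return True
    return max_age_days is not None and age_days > max_age_days

# Constructed sample passwords, not real credentials.
SAMPLES = ["P@ssw0rd1", "correct horse battery staple", "pâté et café noir ☕"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: legacy={legacy_policy_accepts(pw)} "
              f"length-first={length_policy_accepts(pw)}")
    print("400 days old, no compromise:",
          "legacy", rotation_required(400, False, max_age_days=90),
          "| updated", rotation_required(400, False))
```

The short, predictable `P@ssw0rd1` satisfies the legacy rules while both long passphrases fail them; the length-first check reverses all three outcomes.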