One of the biggest changes proposed by the new NIST Digital Identity Guidelines is getting rid of mandatory password changes. This would mean no longer changing your password every 90 days, which I agree with and most users will welcome with open arms.
This, along with a few other interesting twists make this well worth a read.
If you don't want to read the whole document, Chester Wisniewski over at Sophos did a great job of summarizing the key points here:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/