Password guidance has historically ignored human factors issues and required people to do things like changes passwords frequently which seems secure, but actually reduces security since it forces people to pick weaker passwords that they can easily memorize. NIST is finally taking some of these points into account with their new proposed guidance.