The most publicized recommendation in the new NIST guidelines is eliminating password complexity rules, which is still contested on many security forums and a sore point for many employees. So, why do Microsoft and NIST both recommend against forced monthly or quarterly password resets? This whitepaper offers insight into the NIST 800-63b password guidelines and recommends an optimal approach an organization should take to follow the NIST password guidelines.