Back in 2003, it was a different story.
Naked Security explains:
Back in 2003, an engineer called Bill Burr wrote the official guidance on password security for the US National Institute of Standards and Technology (NIST), since widely referenced as the last word on the subject for government departments, large organisations and, latterly, consumers.
Fourteen years on, and a year after NIST overhauled the document from scratch, Burr has told the Wall Street Journal he regrets flaws in his advice, an unusual and brave admission for any professional to make.
Burr sums up his 2003 approach:
It just drives people bananas and they don’t pick good passwords no matter what you do.