"If you have a different password for every website and you write them down in a log book then you don't have to worry about any complicated password management software".
Those guideline changes were thrust into the spotlight this week after former NIST manager Bill Burr - who created the original password standards in 2003 - said in a media interview that the previous approach was obsolete and based on inadequate information.
It's hard to create a secure password.
Speaking to the Wall Street Journal, Mr Burr said: "Much of what I did I now regret".
The IT expert responsible for suggesting people use complex passwords and change them regularly says he regrets the advice - adding it "drives people bananas".
First, it's recommended that you pick a password made up of several random words, instead of numbers and characters.
This summer, NIST researchers released Special Publication 800-63, which outlines new best practices dictating an end to frequent password changes, and a move away from pithy combinations of upper and lower-case letters, numbers and symbols.
He added, however, that the cybersecurity industry can itself be guilty of overcomplicating password security - arguing that a method as simple as having a logbook of passwords, kept in a secure place, can be as effective as any other method in certain situations.
"If you try and think what the value of changing your password regularly is, it's hard to find the rationale for why it was the advice".
Though this would have no bearing on hacking that uses phishing or keystroke logging. It's recommended that you only do this if there's been a breach of some kind where passwords and data may have been compromised. This is obviously something that companies should absolutely do, but if individual users can get their hands on this list to check against, that's good too.