NIST has released the second update of a draft standard that includes rules for password acceptance and recommends against some common (and annoying) practices such as forcing regular password updates. It also has recommendations on lengths of passwords and allowable character sets.

See NIST proposes barring some of the most nonsensical password rules.