The National Institute of Standards and Technology (NIST) released a draft of its Digital Identity Guidelines that included some significant and noteworthy changes. The document still has to go through an internal review process that is expected to last until the end of this summer. NIST recommended that security tools screen passwords against lists of dictionary words, known compromised passwords, and common usernames such as admin and root Password hints and knowledge-based questions dont work, especially since social network posts and social engineering schemes make it easier to figure the answers out.”]
Source: https://securityintelligence.com/the-new-nist-digital-identity-guidelines-and-what-they-mean-to-you/