In its new guidelines on secure password practices, NIST recommended using long strings of random words instead of a combination of characters and symbols.