The US government’s requirements for passwords has changed