NIST's new guidelines advise against requiring mixed character types in passwords and against mandating regular password changes unless a breach occurs. They also recommend discontinuing the use of security questions for password recovery, aligning with recommendations from organizations like the FTC and Microsoft.