US NIST SP-800-63B is FINAL. It includes this gem IN THE STANDARD:
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different
character types or prohibiting consecutively repeated characters) for memorized secrets.
Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).
However, verifiers SHALL force a change if there is evidence of compromise of the
authenticator