>>I think I know the guy that convinced the VP's to do this. He is the same guy that set the policy to have passwords expire ever 6 weeks.
>
>I don't agree with any of the new policies.
>
>OTOH, you should be grateful that your passwords are allowed to exist as long as 6 weeks. I'm not kidding here - a lot of organizations are much stricter than that - and in many cases, rightfully so. I could certainly see it for your organization.

Actually, forcing people to change their passwords does not usually help security much. You'll find most people will either switch back and forth between a couple of simple passwords or, if forced to chose a new one each time, they will do something like choose bob1, bob2, ..., bobN. The best password policy I've seen so far is the one at the Comp. Sci. department at my old university. The sys admin would run password cracker programs every weekend. If your password was cracked, he'd send you a notice and give you a week to fix it. If you didn't, he'd change your password and you'd have to come to him to get your account back, normally involving a little talk on what is and is not a good password.