This was already written up earlier today on another TechNet blog but I wanted to make note anyway in case subscribers don't digest the entire TechNet feed.

Prof. Eugene Stafford posted an interesting write-up on password policy myths.  Especially relevant to HE where passwords very often span longer periods of time.

http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/