This was already written up earlier today on another TechNet blog but I wanted to make note anyway in case subscribers don't digest the entire TechNet feed.

Prof. Eugene Stafford posted an interesting write-up on password policy myths.  Especially relevant to HE where passwords very often span longer periods of time.