our network forces us to use semi- complex passwords (>8 chars, upper/lowercase mix, at least one letter/number/symbol used) and they force us to change them every 30 days... but remind us that it needs changing after 15 days. does my head in. no way i remember a different complex password every month, so i use the same one everyone, just add the month name to the end each time.
whereas Facebook, i don't have to change that password, so i took the effort to make a 14 character one that's completely random.
i think our password security at work is too much, it encourages us to take shortcuts.