Rules and Password Timeouts
Somewhere I worked implemented a 6-month timeout on passwords AND bullshit rules AND non-reuse.
So after 6 months of using your nice strong password you were forced to give it up and try and remember another one.
Of course being a programmer, it took me a few minutes to discover I could change it 5 times and back to the original.
So every 6 months I have to spend a half hour or so resetting my password back to where it was in the first place. I book the time to "computer outages". Ho hum.