Paul Ducklin and Chester Wisniewski take a look at the thorny issue of imposing password rules and regulations, in this audio episode, entitled Busting Password Myths. Their discussion considers:
When should you (be forced to) RESET your password?
Is forcing "COMPLEXITY" (length, nature of characters, case) in passwords necessarily a good idea?
Is it okay to REUSE the same password for different sites/applications?
Windows 7 Pro SP1 (64-bit), avast! v2016 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]