Finally large organisations (the UK government in this case) are starting to see sense and advise against rapid password changing policies. They have also created a very well thought-out and standardised document for using and storing passwords which should be understandable by ‘normal’ computer users. Link