CACM article on this topic (Score 1)

There was an article in CACM about a year ago on this subject. (Might have been IEEE Computer: I sometimes confuse them.) The basic gist was that stricter policies (change frequency or obscurity quotients) lead people to write down passwords to keep from forgetting them, and this, of course, generates new problems.