I think it's time to let "123456" and "password1234" retire.
Oh look, a pun on "aging" and "retire"! ...
Seriously, I see too many people keeping their passwords. Some of the "smarter" people I've met keep the same base 8-10 character password, with a 2-digit month at the end of it. 2-3 week password aging cycle? That 2-digit number gets 1 added to it every change, until they hit however many the cycle has to be, and then they start over again, or change back to 1 every January.
How about NON-IT related passwords: I'm talking about bank website, or telephone banking passwords? ATM PIN on their bank / credit card?
We change website passwords, email passwords, network passwords, you bet, but what about the admin / root password on the systems they monitor?
How about revisiting your accounts on whatever social networks / forums you have and changing their passwords, or better yet, checking to see if the answer to your "security question" is available online somewhere? How often should we run the gamut of "What websites do I have a username and password on", and how often should we change THOSE passwords?
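The "same base, bump the number" habit described above can be caught at password-change time, when the user supplies both the old and the new password in plaintext. The following is an added example, not part of the original post; the function names and sample passwords are hypothetical and constructed for illustration.

```python
import re

# A trailing run of digits is treated as the "counter"; the rest is the base.
_SUFFIX = re.compile(r"(.*?)(\d+)", re.DOTALL)


def split_counter(password):
    """Return (base, counter); counter is '' when there is no numeric suffix."""
    m = _SUFFIX.fullmatch(password)
    if m:
        return m.group(1), m.group(2)
    return password, ""


def is_rotated_variant(old, new, min_base=4):
    """True when `new` is `old` with only the trailing number changed,
    added or dropped (covers 03 -> 04 and the wrap from 12 back to 01)."""
    old_base, old_ctr = split_counter(old)
    new_base, new_ctr = split_counter(new)
    if len(old_base) < min_base:
        return False  # too little shared base to call it a rotation
    # casefold so a change of letter case alone does not count as a new base
    same_base = old_base.casefold() == new_base.casefold()
    return same_base and old_ctr != new_ctr


def check_change(old, new):
    """Policy decision for a change request where both plaintexts are present."""
    if old == new:
        return "reject: unchanged"
    if is_rotated_variant(old, new):
        return "reject: only the trailing number changed"
    return "accept"


if __name__ == "__main__":
    # Constructed sample change requests (old, new).
    samples = [
        ("Tr0ub4dor03", "Tr0ub4dor04"),
        ("Tr0ub4dor12", "Tr0ub4dor01"),
        ("Tr0ub4dor03", "correct-horse-battery"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {check_change(old, new)}")
```

This only compares against the immediately previous password; comparing against older ones would require keeping them in a recoverable form, which the example deliberately does not do.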