Password Aging at the College of Charleston
Posted: August 20th, 2010 | Author: starrc@cs.cofc.edu | Filed under: Uncategorized | Tags: authentication, computer security, csatcofc, password aging

When LDAP came along, I just knew life for users of IT on the College of Charleston campus would be so much better. Before LDAP we all had to keep up with multiple logins and multiple passwords, one for each computer system that required user authentication. Now that LDAP is here and stable, we have single sign-on for multiple campus systems. However, the efficacy gains through LDAP are thwarted by password aging. Aging passwords, at least with the frequency selected and enforced by IT at the College, may cause more harm to computer security than the benefit it is intended to provide. There is certainly nothing wrong with requiring strong passwords. But the frequent aging of strong passwords raises three questions:
1) How does the user change a strong password to something different and still strong?
2) How does the user remember the next, new strong password?
3) How does the user remain patient with IT when the user has lost work that was interrupted by the non-negotiable demand to change one’s perfectly good strong password at the worst possible time?
Any thoughts on the matter of including the human in the security equation? There are solutions and plenty of data to back them up. What is your position? What would you recommend to the IT at the College of Charleston?