Not 100% sure about server passwords, but here on our US Air Force networks we have to change our admin account's passwords every 90 days. But get this -- we're not allowed to choose our own passwords anymore. We have to accept a 15 character randon string. Of course there's no way anyone can remember these, so what do we do -- we write them down! Yet another example of how "progress" in terms of security has put us back at least 10 to 15 years...

On our classified network, we still also have to use 15 or more characters. At least we still get to choose our own passwords. Typically we'll pick an 8-character password and string it together twice (for a 16-char pw).

Both networks have a password history set to the max (remembers the last 36 maybe? I can't recall exactly)