Our regular user passwords change every 90 days. Admins including DBAs may use these for Word, Excel, email, etc., from our desktops. Our corresponding Admin accounts, which we must use to remote to servers (or in my case RUN AS for Management Studio, Query Analyzer, etc.) change every 30 days.
I like the 7-day multiple idea and will suggest it here. Maybe we'll wind up with 35 and 91.
For my password I use a Bible verse. Part of it becomes my desktop password, and three other parts become my successive admin passwords. I "tamper" with letters that can disguise as numbers or punctuation, in a pattern that I can predict but that does not show, and then I hide the original verse in plain sight as a reminder. (Yes, on a sticky!) I'm confident that even if someone guessed the purpose, they couldn't brute-force the actual password out of it, but at my age (nearing 60) I need the reminder, especially with one of them changing every month.
Plus, I learn a new verse four time a year. It will take awhile before I run out of new ones!
If one was so inclined, War and Peace or Atlas Shrugged would probably work as well (at least for passwords).
Senior Database Administrator
1st Source Bank