I agree with some of the other post. Working in IT and being a certified ethical hacker (which is just the most pointless, worthless computer course I've ever took, but got to spend 3 weeks in India ) I think having to change your password every 30 days actually decreases security as people will tend to write it down or reuse passwords they've used elsewhere (plus the fact that if you forget your password a new one is emailed in clear text which is valid for 30 days) it would be better if you made sure the passwords are encrypted securely and salted, which im guessing they are