My biggest problem with the sites that use more obscure rules and force you to change the password frequently is that I'm not convinced it's really making things more secure because I find the harder it is for someone to remember their password, the far more likely it is that they'll write the password down somewhere, and frequently that somewhere will be easily located from where the computer is. This is something that I frequently have to harass my users about (among other things, we had a security audit a number of years ago, and this is one thing they specifically were looking for in the building). I have a few users that have pages of notes of sites and passwords sitting next to their computers. Thankfully, they're not generally the same faculty members that leave their office door wide open and wander off for hours at a time (in a building that has had occasional thefts occur in it). We do have one annoying piece of software in our department that makes you change the password every 6 months, and with the last update we had, they went from remembering the last 10 passwords to the last 50 (and I'd consider the last 10 to be excessive).

I was pretty resistant to it myself for a long time, but I've ultimately gone to using lastpass for things. I'm still kinda transitioning to it, but so far it's been pretty reasonable for me. We've also used keepass for stuff that we didn't really want stored online (although note, if you store the file for that on a network drive, when you can't access said network drive it becomes very difficult to retrieve the passwords you need from it in an emergency ).