Apart from the fact that passwords suck
That's about as good as you're going to get. The only change I'd make is a minimum of 10 characters and a longer expiration time. If choosing a password is hard work and frequent, users choose weak passwords.
Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!