Dear Business Manager,
I can sympathize with your dilemma. Productivity should be the focus but we can’t overlook security, otherwise we will be at a standstill. We can tighten up security without having employees jump through those 17 hoops. We will need to spend time and educate these employees as to our security concerns and maybe it will help them get on board with the necessary changes as well as well as making it easy on them.
Passwords are like passports or a blank check; if lost or stolen they give hackers a world of opportunity by providing access to your personal, financial and work data. The company wide Password Policy helps you be proactive in selecting a strong password and managing them, to protect your identity and company resources. Once you've read and understood the password policy, you should change your password and other passwords that do not meet the standards.
Strong Password Characteristics * Are at least eight alphanumeric characters long * Contain at least three of the following four categories: * upper case characters (e.g., A-Z) * lower case characters (e.g., a-z) (Note: Oracle does not distinguish between upper and lower case in passwords.) * Digits (e.g., 0-9) * Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./) (Note: Oracle allows only the special character underscore (_) in a password, unless the password is enclosed in quotes.) * Are kept private. Passwords should be memorized or, if written down, kept in a locked file cabinet or other secure location. * Do not contain a common proper name, login ID, email address, initials, first, middle or last name
Weak Password Characteristics * The password contains less than eight characters * The password is a word found in a dictionary (English or foreign) or a word in any language, slang, dialect, jargon, etc. * The password is the same as your user name or login name * The password is a common usage word such as names of family, pets, friends, computer terms, birthdays or other personal information, or number patterns like aaabbb, dddddd, qwerty, zyxwvuts, 123321, etc. * Any of the above spelled backwards * Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
A List of Don’ts * Don't reveal a password over the phone or in person to anyone. Not your boss. Not your family. Not your co-workers. If someone demands a password, refer them to this document. * Don't reveal a password in an email message * Don't talk about a password in front of others * Don't hint at the format of a password (e.g., "my family name") * Don't reveal a password on questionnaires or security forms * Avoid writing passwords down, but if you must, store them in a secure place (e.g., a locked file cabinet) * Passwords should never be stored unencrypted on-line * Do not use the "Remember Password" feature of applications (e.g., Eudora, Outlook, Netscape Messenger) * Don't use the default password, if one is provided. Change it immediately to a new, stronger password. * Don't reuse old passwords. NetID passwords cannot be reused within a 12-month period, and passwords cannot be changed to any of the previous three passwords.

References
University of Wisconsin System. (2013, August). Creating Strong Passwords. Madison, WI, US.
Vanover, R. (2002, Febuary 14). Lock IT Down: Make a password policy part of your security plan. Columbus, Ohio, USA.