well, banks use the whole "not entering your entire password" to log on. Again that is not too hard to beat, just log em a few different times you should get the whole number no problem. Heck, its a number which rather limits the possibilities anyway.

Top of the list over making passwords expire is making people pick decent passwords to start with. Hell, properly trained users should change their password without it expiring.