Passwords. You know when you have rules such as these;

• Passwords are not case specific
• Minimum Length = 8, Maximum Length = 20
• Minimum of 2 numeric characters
• No more than 3 of the same character
• Not the same as your Login Id or Name
• No obvious passwords
• Not the same as one you have used within the past 12 changes
• It shouldn't contain 3 concurrent keys on the keyboard
  e.g. "QWE", however there are exceptions e.g. "RTY"
• Passwords have a maximum validity of 90 days

It is just about impossible to create a password that is memorable - actually its' proving problematic just creating a password - this will merely result in it being written down somewhere. Which means almost the whole point of having a password is redundanct. Developers should really think about the human aspect of such things when they create such awkward rules.