Your advice on setting strong passwords is as outdated as your password policy. You need to fix that, too.