Password requirements and PCI compliance
We recently had to change some password requirements in order to become PCI compliant. The PCI Security Council is made up of the major credit card companies, who publish standards they enforce on payment processors and their partners, to make everyone's transactions as secure as possible.
Basically, in order to accept credit cards, we have to be compliant so our payment processor will work with us, even though we don't store your cardholder information on this website. This includes making our password requirements stricter than is comfortable for some people: there are length and complexity requirements, and you are not allowed to repeat passwords over time. We are sorry about this, but there is no choice.
We strongly recommend that everyone use a password manager like 1Password or LastPass, both to help with this issue and because they make dealing with passwords (and other matters of personal data security) so much more pleasant.