    Password policy is overdone

    I always use very strong passwords, like "8UyTgFm,L;<kMkMkP-0O/", that are generated for me by the password manager I use. I never use the same password for more than one location.

    The current password policy forcing me to change my password every 100 days (or whatever it is) is excessive and insulting. I participate in dozens of forums and I have accounts at several financial institutions, medical organizations, and online retailers. None of them require me to change my password at all -- ever. While I applaud your intention to minimize risk to your users, this policy is excessive, unnecessary, and pretty much non-existent elsewhere. If you insist on being an outlier, I suggest offering a bypass option. And I bet you have lost some subscribers because of the hassle to constantly change passwords.
    Running IV 64 4.52 on Windows 10 with Office 365

    This is a democracy (USA) so we have no one to blame but ourselves.

    #2
    Yes, I agree. I spent more than an hour trying to remember my password to change it. I couldn't do a reset. The change forces me to make passwords such as "passwordpassword1234abc" and I couldn't remember the "abc" I came up with the last time. Under the current system you also can't return to the previous password. I'm not sure if you can if you put one or two temporary ones.

    This is a simple discussion forum, and it needs a second lowest password level in my opinion.

    The forum is already deserted and this policy motivates people not to return.



      #3
      It is something that I have learnt to live with. I save my passwords in a password protected text file on a Veracrypt password-protected virtual drive. Every 100 days I change my password for this website and update my text file.

      If you have ever run a website, you will know that keeping it free from spammers is an onerous task that would make anyone quickly give up. Stefan enforced the strict policy to keep the place free from spammers, but I still have to manually remove a few spammers from time to time.
      Before you post ... Edit your profile • IrfanView 4.67 • Windows 10 Home 19045.2486



        #4
        How is this related to spammers? Spammers post either immediately or after a short delay, perhaps a month, that is less than the password expiry interval of 200 days. They need a return on their advertising.



          #5
          I emailed Stefan about this policy.


            #6
            I heard nothing from Stefan after two weeks. I get the impression that he has more important things to do, like real work and his personal life.
            We should be grateful that he set up this forum and has kept it functional for so long. There is no incentive to improve it. I have been visiting for 17 years now, and moderating for most of that. It is something I do in my free time. I help where I can, but I am just a casual user of IrfanView.


              #7
              Originally posted by Cynthia Moore
              None of them require me to change my password at all -- ever.
              You've been lucky.
              When I was working, ALL third-party "contractor" personnel (such as myself) would be under this sort of thumb, complete with bans on password re-use, log-off after 5 minutes inactivity (including when the global network went down). The Hell Desk would just hang up when you said the magic phrase "I'm a contractor at site XYZ ... hello, hello?"

              (I just logged back in for the first time in (I think) several years, and my old password from -whenever- was still working. So maybe the policy has been relaxed.)

              At least these days I only have to keep one computer synchronised, not my home computer; my "my employer office" computer; my "worksite work computer"; my "worksite off-shift" computer and my "this month's client office" computer - of which I only had admin rights (and removable storage access) on two.
              Ah, that's where the .SIG file lives.
              User of IV since the ... 1990s, probably.
              User of IV on portable storage since about 2002.
              User under WINE on various Linuxen since about 2012.
              I can speak a little German.
