Does anyone else despise mandatory password expirations as an #infosec security practice? Key rotations are good. Password expirations are terrible and encourage users to make and reuse terrible passwords, making small modifications to them to cheat the system. How is this so commonplace?
@sidd thanks for an idea about a blog post. In general, I agree, but as someone responsible for defending a large organization, there is a practical benefit to even people incrementing a number at the end of their password every 90 days.
@jerry I don't see that as providing additional value. Maybe I'm missing something, but if I were trying to break passwords (given a leaked hash database), and the password rule asked for "at least one numeral", I'd definitely add a fuzzer that tried variants appending 0..9 at the end of each tested string. That's the bit users are most likely to use for checking off the rule.
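The failure mode the thread describes (users satisfying a rotation rule by bumping the trailing number) is something a password-change handler can catch directly. The following is an added example written for this thread, not code from any of the posters; it assumes the change flow has both the current and the proposed password in memory at the moment of the check, and the stems/threshold are constructed choices, not a standard.

```python
import re
from difflib import SequenceMatcher
from typing import Optional

# Matches the "tail" users tweak to satisfy a rotation rule: trailing digits,
# punctuation, or both (e.g. the "2023!" in "Winter2023!").
_TAIL = re.compile(r"[\d\W_]+$")


def stem(password: str) -> str:
    """Lower-case the password and drop its tail, so that 'Winter2023!' and
    'winter2024#' both collapse to the stem 'winter'."""
    return _TAIL.sub("", password.lower())


def reject_reason(old: str, new: str, min_ratio: float = 0.8) -> Optional[str]:
    """Return why `new` should be rejected as a trivial variant of `old`,
    or None if it differs enough to accept.

    Meant to run at change time, when the user has just supplied the old
    password and it is still in memory. The old password must never be
    stored in the clear to make this check possible later; only the
    comparison at change time is legitimate."""
    if new == old:
        return "new password is identical to the old one"
    old_stem, new_stem = stem(old), stem(new)
    if old_stem and old_stem == new_stem:
        # Covers incrementing the trailing number, swapping the trailing
        # symbol, and changing only letter case (the "cheat the system" case).
        return "new password only changes case or the trailing digits/symbols"
    # Fallback for edits elsewhere in the string (one extra letter, etc.):
    # ratio() is 2*matches/total_length, so 1.0 means identical. The 0.8
    # threshold is a constructed starting point, not a standard value.
    ratio = SequenceMatcher(None, old.lower(), new.lower()).ratio()
    if ratio >= min_ratio:
        return f"new password is {ratio:.0%} similar to the old one"
    return None


if __name__ == "__main__":
    for old, new in [("Winter2023!", "Winter2024!"),
                     ("MyDogRex2023", "MyDogRexx2023"),
                     ("Winter2023!", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {reject_reason(old, new) or 'accepted'}")
```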