Does anyone else despise mandatory password expirations as an #infosec security practice? Key rotations are good. Password expirations are terrible and encourage users to make and reuse terrible passwords, making small modifications to them to cheat the system. How is this so commonplace?
@sidd thanks for an idea about a blog post. In general, I agree, but as someone responsible for defending a large organization, there is a practical benefit to even people incrementing a number at the end of their password every 90 days.

@jerry

The policy makes sense only because people are setting simple passwords. However, the systems I've seen also limit password length, which effectively encourages people to pick simple passwords suffixed by 1 or 2 digits.

Making people change their password is a bad practice from a different age, IMO. Such orgs these days are only safe due to the proliferation of 2FA, IMO.

@sidd

@alexandru @sidd Ideally, we force MFA. The most significant problem I face with password only authentication is password reuse. And it's a major problem.
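The thread describes the failure mode of forced rotation: users append or bump a digit suffix and keep the same core password. The check below, added here as an example and not code from anyone in the thread, is what a defender can run at password-change time to reject such variations against the stored history. The normalisation rules (strip leading/trailing digit and punctuation runs, fold case, undo a few leetspeak substitutions) and the 0.8 similarity threshold are this example's own assumptions, not a standard.

```python
"""Reject a new password that is only a trivial variation of a previous one.

Added example, not code from the thread. The normalisation rules and the
similarity threshold are assumptions chosen for illustration.
"""
import re
from difflib import SequenceMatcher
from typing import List, Tuple

# Runs of digits and common punctuation at either end are what users
# typically bump on each forced rotation ("Summer2023!" -> "Summer2024!").
_EDGE_RE = re.compile(r"^[\d!@#$%^&*.?_-]+|[\d!@#$%^&*.?_-]+$")

# Minimal leetspeak fold so "P@ssw0rd" and "Password" compare equal.
_LEET = str.maketrans("013457$@!", "oieastsai")


def normalize(password: str) -> str:
    """Return the comparable core: edges stripped, lower-cased, leet folded."""
    core = _EDGE_RE.sub("", password).lower()
    return core.translate(_LEET)


def is_trivial_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True if the two passwords share the same normalised core, or if the
    cores are nearly identical (difflib ratio >= threshold, assumed 0.8)."""
    a, b = normalize(old), normalize(new)
    if a == b:
        # Differs only in case, digits or punctuation at the ends.
        return True
    if not a or not b:
        return False
    return SequenceMatcher(None, a, b).ratio() >= threshold


def check_rotation(history: List[str], candidate: str) -> Tuple[bool, str]:
    """Compare against the whole stored history, not only the last password,
    so alternating between two old favourites is also rejected."""
    for previous in history:
        if is_trivial_variation(previous, candidate):
            return False, "too similar to a previous password"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample history for demonstration.
    history = ["Winter2022!", "Spring2023!"]
    for attempt in ["Winter2023!", "correct horse battery staple"]:
        print(attempt, "->", check_rotation(history, attempt))
```

In practice the history would hold hashes rather than plaintext; this comparison needs the candidate and the previous plaintext, which is only available at change time when the user supplies the old password, so the check belongs in the change-password handler, not in a batch job over the credential store.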