@cR0w @campuscodi No kidding. We’ve known for over a decade that more frequent training doesn’t improve outcomes. It’s reasonable to look at how much less frequent we can make it before outcomes suffer.

Feels like how password expiration was just made up as a starting point for further discussion, then it got carted around verbatim for decades.