I would need to check (not in charge of it), but I do remember in the fat stack of guidelines we got there was the password policy of 90 days. However, the point still stands that some people have no digital hygiene and will write down and share their passwords in plain text for all to see even if we didn't enforce password expiry. Though in all honesty, there's no winning combination when so many don't truly give a shit about digital security. As long as they can flaunt a certificate.
I would need to check (not in charge of it), but I do remember in the fat stack of guidelines we got there was the password policy of 90 days. However, the point still stands that some people have no digital hygiene and will write down and share their passwords in plain text for all to see even if we didn't enforce password expiry. Though in all honesty, there's no winning combination when so many don't truly give a shit about digital security. As long as they can flaunt a certificate.