We have three month password expiry policy on AD accounts, but the requirements aren't extreme. We'd do away with it, but then we have our own CEO writing their password down on a piece of paper and giving it to us to troubleshoot their laptop (we have admin accounts for a reason ffs), after being repeatedly told not to, forcing employees to rotate their passwords suddenly doesn't sound too crazy. People are just way too irresponsible sometimes. Plus, we need to have it for certifications, so there's that.

Glad we are Passwordless. Now none knows me password.

I've got this email today but I have some days left, I think

Any source about why changing a password regularly is not recommended?

TOTP and KeePassXC is a blessing

I wish every system ever supported TOTP

My work password is my weakest password. It's still pretty good though.

Yeah, but I'm more used to them saying "occasional overtime" when they mean "5-10 hours mandatory overtime, unless it's actually busy, because we refuse to hire enough people to fill all the open positions." Because there's nothing smarter than giving all your sales staff enormous bonuses while the grunts on the floor are over 6 months behind for lack of adequate staffing.

Max. 16 characters

(Still remember: if they have a password length limit, they store the password in plain text! If they do that in the backend. They can do that in the frontend too, in the browser with javascript, which is safe.)