Largest Study of Its Kind Shows Outdated Password Practices Are Widespread
There is a discussion on Hacker News, but feel free to comment here as well.
Even corporate IT security still refuses to stop the frequent password change policies, even when NIST now says it's safer to not change as often and just change passwords if they were compromised or shared somewhere else.
Every three damn months. It basically forces you to include something that makes the password less secure.