My employer has reduced password age to 45 days - due to cybersecurity insurances policies. I contest that short password durations are worse for security. Better to have a long passphrase and be done with it.