A pet peeve, and an opinion, triggered by a recent experience:

Regularly occurring enforced password expiry is a terrible policy, whether it is every 60 days, or every 12 months. As a policy, it encourages users to choose the minimally secure password. Given a set of password complexity requirements (length …