Policies !
My (online) bank has never asked for a password change, in about 15 years of use, yet my NHS email account forces a change every 90 days.
Why does changing my password make the email address more secure? Or is it just a ploy to keep IT staff employed doing exciting things like resetting the account, when I get locked out because one copy of Outlook isn't updated quickly enough?