frequent password change
"seemingly reasonable requirement that passwords be changed regularly."
Often not that reasonable as instead of a nice long password that you change infrequently, when things have to be changed often you nd up using far shorter & thus less secure passwords (especially when, "for security", use of password managers is banned on work, & the sweeps for "violating" software installs on your PC checks for various well known password managers. Irritatingly as a dev, "for security", various useful tools ranging from wireshark, processhacker2 etc. are also banned with no exceptions FFS)