Expiring passwords are one of my biggest gripes, and I still see them everywhere
Due to corporate IT working its fingers into everything vaguely computer-related, I now have to annually change the passwords that operators use to log onto the HMIs on my OT network (which has no connection to the greater Internet).
That means I now get calls after hours for a couple weeks (allowing for all shifts to cycle through) from operators who are locked out of their ops stations. I can't send the password via email, obviously, and word-of-mouth is inconsistent at best. So I'm left with the sticky note under the keyboard or stuck to the monitor, which the operators won't read anyway.
My company does it to our phone passcodes. 90 days.
Expiring passwords and length limits. Why can't my password be 5KB long? My password manager has no limits. Are people storing them in plain text in 2026?