[wil421]

A simple example would be changing passwords every 90 days. It’s been proven users will choose less secure passwords.

Here is an article from the FTC and one about NIST guidelines.

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-r...

https://qz.com/981941/the-us-standards-office-wants-to-do-aw...