[tialaramex]

The only employer I've had which had a dumb rotation rule was of course a huge American Credit Reference Agency which due to ordinary incompetence lost a lot of people's personal information.

These days I work in tertiary education, so there's a complete spectrum from people who probably have memorised a unique sixteen alphanumerics password twenty years ago to folks who needed a service desk worker to help them walk through resetting after having forgotten their password was the name of one of Henry VIII's wives. And there's likewise a spectrum between "I hand-built this optical splitter and splice so that I could steal the exam answers without any trace on the network" and "I wrote the formulae on my thigh in permanent marker and then wore a skirt with a big slit down one side" in terms of the technical sophistication of attacks.

Edited to add: When I did work for the CRA with the rotation rule I would write down each of the passwords in columns in the back of my log book since otherwise I might forget one and that was a huge pain to get reset, it's just not realistic to memorize "random" values you'll have to replace frequently. And of course they had two "Single" Sign On systems because of warring management, so that's two passwords to rotate.