I would love to know my companies reasoning. I work for a huge health care provider and everyone from care workers to the nurses in our office have to change our passwords each 6 weeks. Myself and others just keep the same passwords and increase the number at the end. Currently we keep getting these emails from IT telling us security threat level is high and don’t click links from unknown locations. The system is buggy to add to is all so people are constantly getting locked out and they call IT who helps change to another password. After having to do it so often so many times most of us just don’t care anymore. My password is kind of complex and in the middle I have a number that I just increase each time.