Rob Knake: Every 90 days, CSO forces everyone to change their passwords for e-mail access. Changing the password prevents an authorized user who has compromised a current password from continuing to use it. Strong passwords make it harder to hack into the system by guessing, either manually or using an automated program. Knake suggests that keeping passwords securely stored in human memory will reduce the risk of unauthorized access more than frequently changing them. A better option is to move to two-factor authentication where logging on requires knowing something (your password) and having something (a biometric identifier)”]
Source: https://www.csoonline.com/article/2120102/how-to-keep-passwords-secure.html