The irony here is this thread has been going on since 2018 and in that time NIST has completely changed its guidelines on passwords. They've removed the "90 day" recommendation along with many of the other recommendations that forced users to WRITE PASSWORDS DOWN ON PAPER which NIST found to be more vulnerable than passwords a user can remember. Duh...
