Most of these policies boil down to regulations or compliance. The financial industry, ironically, is a huge propagator of antiquated security controls.
We all knew that the controls were bad, but we had to use them
As a fellow person in finance... yuuuup. We switch passwords every 6 months and it is super annoying. A LOT of my coworkers are doing `password1` then `password2` which... sort of completely defeats the purpose of the policy.
