When was the last time you changed your password which was forced by the service provider(E.g. Online bank).

I am pretty sure you would have changed it between 30-90 days based on individual bank policy. But the question is why do we have to change the password if the password is strong and is not compromised.

Also, when we change the password regularly at defined intervals, we tend to introduce weaker passwords. For example, let’s say your password is “[Pr3ttyMeLikesD!$n3y]”.

This is a pretty good password. Yes, I also checked it against exposed passwords in XposedOrNot and the results are positive.