Comment by BrandoElFollito

1 day ago

These recommendations live in a mythical world, but not in a company.

In a company, you have individual passwords known by many people. They are written here and there. They are passed to other orgs because something.

In this ideal world of a non-company, you have MFA everywhere, systems with great identity management where you get bearers to access specific data, people using good passwords and whatnot.

This is not true in a company. If this is true in yours, you are the lucky 1%, cheers (and I envy you).

A good cybersecurity team will try to find reasonable solutions; password rotation is one of them, in a desperate move to mitigate risks.

And then you have trauma that will say "we cannot change the password because we don't know where it is used".

Armchair cybersecurity experts should spend 24h with a company SOC to get an idea of the reality we live in.