First off, I would force my users to change their passwords periodically; I consider this a very good practice, especially in the field of data security and integrity. In every company there is always someone who messes things up and never even cares about changing their DEFAULT passwords. I think this enforcement can save a lot of time and money; we don't really need to fall into this pitfall before yielding to the policy of changing the password periodically.

Consider the following scenario: a negligent employee entered the password in the presence of a friend, colleague or even a client. This person might catch the password and later try to gain access, without committing sabotage, like going over and stealing some sensitive data. If the password is not changed, this person will still have complete access to the data. This case is usually overlooked and neglected. {No countermeasure policy for such a case}.

Not to mention, many employees may open a work session from home, a friend's house or even from a café. Here there is no guarantee that this PC is not watching the keystrokes {No guarantee of course}.

Believe me, guys, in my country there are still people who don't even care about passwords and their delicate mission, even in the hottest seats. They keep all the doors of hell wide open, welcoming everyone.

My thoughts

Cheers