If your password is brute-forceable, you shouldn't be using it.
If it's not brute-forceable, you have no need to change it every two seconds.
If you think it's compromised, you need to change it whether or not you're certain, or "it's that time".
I implemented this on day one at my new workplace. Nobody has ever argued, even outside security auditors.
Biting the hand that feeds IT
