Reply to post:

No, eight characters, some capital letters and numbers is not a good password policy

jmch Silver badge

"...proper password policies. Within 2 months I was forced to set the CEO's password to something without the required complexity that would never expire because he couldn't handle picking a new password every 30 days"

Forcing password change every 30 days is not a good password policy. It just encourages use of weak passwords.

While I'm at it... forcing use of special characters is also not a good idea, especially for any company working in an international environment where different locales' keyboards have different subsets of special characters, almost always mapped to different keys, which can cause all sorts of trouble. Upper + lower case + numbers give 62 options*, which if combined with a minimum password length of, say, 12 characters is much more secure than an 8-character password that has special characters.

"This for a user that... "

Of course, as usual, the weak link is the idiot user. It's effin unbelievable that as an IT user in financial services I have to go to a bunch of courses about "Know Your Client", anti-money laundering, anti-corruption policies etc. (almost all of which I will NEVER encounter / need at work), while there is no course on security, including password policies, that is compulsory for all users (including business users who would not know this stuff AND who WILL need to use this every day).

*for English alphabet, some more for some other alphabets
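The entropy comparison behind the comment's 62-symbol / 12-character claim, as an added example that is not part of jmch's post: it computes the search space in bits for both policies (assuming a 94-symbol set for the "letters + digits + special" case, i.e. US-keyboard printable ASCII, and 62 for letters + digits) and includes a small policy checker so the two rule sets can be tested against sample passwords. The character sets and sample passwords are constructed for this example.

```python
import math
import string

# Character classes as found on a US-layout keyboard (constructed for this example;
# the special-character set in particular varies by locale, which is the comment's point).
LOWER = string.ascii_lowercase          # 26 symbols
UPPER = string.ascii_uppercase          # 26 symbols
DIGITS = string.digits                  # 10 symbols
SPECIAL = string.punctuation            # 32 symbols on a US layout

ALNUM_SIZE = len(LOWER) + len(UPPER) + len(DIGITS)          # 62
ALL_PRINTABLE_SIZE = ALNUM_SIZE + len(SPECIAL)              # 94


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a password of `length` symbols chosen uniformly at random
    from `alphabet_size` choices, i.e. log2(alphabet_size ** length).
    This is the best case; human-chosen passwords are far less uniform."""
    return length * math.log2(alphabet_size)


def compare_policies() -> dict:
    """Entropy in bits of the two policies discussed in the comment."""
    return {
        "8 chars, letters+digits+special": search_space_bits(ALL_PRINTABLE_SIZE, 8),
        "12 chars, letters+digits": search_space_bits(ALNUM_SIZE, 12),
    }


def meets_policy(password: str, min_length: int, require_special: bool = False) -> bool:
    """Check a password against a length-plus-character-class policy.

    With min_length=12 and require_special=False this is the policy the comment
    recommends; with min_length=8 and require_special=True it models the older
    'complexity' policy it argues against.
    """
    if len(password) < min_length:
        return False
    required_classes = [
        any(c in LOWER for c in password),
        any(c in UPPER for c in password),
        any(c in DIGITS for c in password),
    ]
    if require_special:
        required_classes.append(any(c in SPECIAL for c in password))
    return all(required_classes)


if __name__ == "__main__":
    for name, bits in compare_policies().items():
        print(f"{name}: {bits:.1f} bits")
    # Sample passwords, constructed for illustration only.
    print(meets_policy("Correct1Horse2", min_length=12))                       # True
    print(meets_policy("Pass1234!", min_length=8, require_special=True))       # True
```

Run as a script it prints roughly 52.4 bits for the 8-character special-character policy and 71.5 bits for the 12-character alphanumeric one, a gap of about 19 bits, i.e. the longer alphanumeric space is roughly half a million times larger. The checker only enforces composition; it does not model the forced 30-day rotation the comment criticises, which degrades real passwords in ways a counting argument cannot capture.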
