The tyranny of mandatory password resets only makes security weaker.
tl;dr changing passwords often doesn’t make things safer. In fact it encourages people to pick weaker passwords they will be able to cycle through and remember.
The longer version of this article is that, like TSA, this is security theater. Most IT groups cannot justify their existence with simple things like “use a good password tool like 1Password”. They need large, complex, and costly processes to ensure that… well… there is good security theater.