I think it would certainly be very interesting if more companies provided rationales behind some of their corporate policies. Perhaps this would create more of a discussion and better educate employees rather than just setting out the rules. Maybe go one step further and allow employees to request changes?

Huh. I hadn't really thought about malicious actors using these vast password dumps to try and target users that are continually using weak passwords.