At work I have close to 50 different logins. Some expire every 30 days, 60, 90, while others never expire, or are even shared with the rest of the dept. It's a pain.
It can't be THAT hard to make it so everything authenticates to a single point.
IMO what companies should do is have a single point of authentication that is very secure, such as two-factor authentication, but have that as the ONLY password.
Also, forcing password changes is more or less useless. Let's say that at this very moment a brute force bot is trying to guess your password. You can change it all you want, but chances are decent whatever you change it to has not been tried yet by the bot. It's a hit/miss. What every authentication system needs is brute force protection. You can have the most secure password in the world, but if there is no brute force protection on the system, a bot will eventually get in.
Set up a Linux server, forward the SSH port to the internet, leave it like that. Use a very basic alphanumeric password for root. Give it 5-10 minutes and it's hacked. Install fail2ban or another brute force protection system, you won't get hacked. Heck, disable root logons, make a user account with a common name, like asmith or something. That account will get hacked within maybe 30 minutes. Brute force is the easiest way to hack, and also the easiest thing to protect from.