I have a customer that now requires us to change every password every 90th day due to their interpretation of GDPR. That's fine for the web-based system we develop for them because we can just implement those rules. But they also require us to change the passwords on our SSH keys used to access the servers, which is, well, not fine.I have a customer that now requires us to chang