Those who actually are security experts do know that forcing frequent password changes causes more security breaches not less.
Those who force frequent password changes and those who force using email address as login id -- are proving that they know little about security.