Thank you to everyone taking the time to vote on this ask. Our security best practices recommend not making passwords expire and our focus is around this policy at the moment. You can read more about it in these two documents:
An error occurred while saving the commentPatrick commented
Only if the email would come from within the domain.
There is enough phishing attempts for accounts, don't want to muddy the waters.