We're seeing customers move to score (entropy/complexity) triggered password policies. This provides improvements to the user experience (I can choose the complexity that works for me), reduces helpdesk calls (top complexity passwords never expire) and security (entropy/complexity score can be consumed by access management for auto step-up authentication).
The challenge is for when the policy sets "no expiry" - often customers use the expiry field to check that they're a valid/safe identity. To work around this we'd like to make the maximum expiry time configurable (i.e. greater than 365 days).