There’s no good reason today and in the future, period.

There are “experts” who still claim these, but they are based on a very dated recommendation from at least 15 - 20 years ago at this point. To some, such non-sensical requirements (by the fact that we should be storing passwords as hashes today) have become doctrine, rather than any fact based in reality.

And some users have been conditioned into thinking that these are good security practices as well, because governments and banks still make use of them, and these are the very organizations that should be the best-in-class when it comes to security. Some of these users become CEOs or product designers with more say than their IT and security experts in the company. The rest is history from there.

Just to add to the list or clarify further

• Arresting a mayor despite him obeying ICE orders
• Deport citizens and non-citizens without credible evidence and without due process
• Weaponize the judicial system against political dissidents and rivals
• Punish citizens and non-citizens for their First-Amendment-protected speech (which they claim to oh-so-love)
• Withdraw funding for USAID to immediately cripple the agency and deprive millions of people of basic human needs around the world