Easy. Civil law operates on a concept called "preponderance". It's not absolute in nature it's a measure of likliehood as measured by non subject matter experts(a judge and some randos). Imagine a person has fallen on your property and injured themselves. If you are known in the neighborhood as a person that takes care of your sidewalk(shovels, patches broken concrete, etc.) and can produce evidence(character witnesses, testimonials, visuals) to that effect your case is strengthened.
No one ever got directly hacked because their password was too strong, but lots of people have had passwords guessed by brute force.
So put the two together. Its beneficial to have strong passwords because they can be presented as evidence of due diligence and there is no security risk to enforcing them. There may be some business risk(people fleeing because they don't like your password policy) but someone needs to quantify that its a problem for it to be considered in the calculus.
Look at that sally, a false equivocation right out of the gate. I'll just change your text so that it represents what I actually said ....
>How exactly does taking steps that have previously been used in civil suits to demonstrate due diligence such enforcing password requirements going to demonstrate due diligence?
Well I'm glad you asked billy! The answer is tautology. Thanks for playing.
This argument is stupid. You want to talk about yak shaving, theoretical nonsense. FWIW I agree with you and think that password requirements are dumb, but you live in the real world. These are the legal realities of IT policy.
No one ever got directly hacked because their password was too strong, but lots of people have had passwords guessed by brute force.
So put the two together. Its beneficial to have strong passwords because they can be presented as evidence of due diligence and there is no security risk to enforcing them. There may be some business risk(people fleeing because they don't like your password policy) but someone needs to quantify that its a problem for it to be considered in the calculus.