It is certainly not this site that is the only one doing it, pretty soon we will have 45 digit not repeating alpha numeric passwords changed every 4 weeks, with phone verification.
All because servers cannot keep our data secure.
With simple setup it is virtually impossible to guess a 4 digit password.
with maximum 5 tries and 10 seconds after failure you do not have the time to guess a password
but when the server data and the hashed passwords, they have infinite time to guess passwords
so because the software engineers is boobs, we have crazy passwords