Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors.
These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
Any Insurance company * (I say so because as an IT Administrator I'm forced to enable this to keep our cyber insurance policy, but I feel rather confident it's unnecessary given the research and our migration to ldap tied fido).
All I know is the mortgage servicing company I use seems to have started ~3 month interval, that they don't say (no second factor available either). When I went to pay my internet bill, I get greeted with a message "you're passwords been reset". I'm stubborn and I was just using those sites to pay bills, so now I just don't log in to those anymore.
Insurance, and government need to catch up to the research. For sites that support them, I really like the Yubikey as a second factor.
Not sure why that would kill Firefox. Mozilla has done great work supporting passkeys and while their implementation isn't fully baked at the moment I have no reason to suspect they'll leave it incomplete.