I’m wondering if CloudFlare has password retention policy as I want to have such possibility
For which passwords? Which possibility is it you are looking for?
I want CloudFlare to invalidate my password, for example, after 90 days and ask me to change it
Which password? Your Cloudflare password?
Yes, my CloudFlare password
No. Enable 2 Factor auth; choose a unique and secure password. Or if you are an Enterprise customer enable SSO and use your corporate policy.
There is no such thing for the time being. If you want to further secure your account your best bet would be two factor authentication.
I expect there will never be, finally the industry is moving into the direction of not invalidating passwords. It creates more reused passwords than the amount of problems it prevented.
Thats a possibility but as I dont have a crystal ball I wouldnt want to predict what Cloudflare might do in the future