"In my experience, the dumbness of the policy is directly proportional to the difficulty in making anyone understand how dumb it is."
Well, that's not exactly what we were talking about. If a policy is "just" dumb, or insecure, it's probably not your role to change it but, at most, to share your opinions with whoever is nominally responsible for that.
Here we are talking about subverting the policies in order to be able to get your job done. No need to explain anything here; just follow the policies and let others see why no work is done. By subverting the policy, you are not only not allowing the problem to surface (so it won't get corrected), but also offering yourself as a scapegoat when shit hits the fan: not the policy's fault, but yours, since you didn't follow it.
"It's also dumb to allow the CEO to have a non-expiring password that is the name of the company. But good luck telling the CEO he can't have it"
Well, it's a problem if the CEO already has such a password. If that's not the case, sorry, sir, I can't change your password's policy, neither technically nor by authority. Now, if you are technically able to change it and your supervisor commands it, ideally in writing, why not do it? It's not your problem.