Your security is only as good as the weakest link, which is usually people. If your password policy encourages users to stick a note to their screen, then your weakest link is anyone in the office deciding to take a selfie or joining a call with their camera on. Best practices balance security with what users are actually willing to do.
But ‘cold’ and ‘heated’ are bad. People are weird about temperature.