I strongly believe that if you have a good password, and you are capable of keeping it secure, you should not be forced to change it, except by your own volition.
Two of my places of work force me to change my PW at 5 and 7 weekly intervals. So they are rarely in sync. So they are difficult to remember..... So I (and I know I am not the only one, we are all doing this ) choose really STUPID and easy to guess / remember PWs. Previous passwords cannot be used until they fall off the "recently used" list. This "recently used" list is useless as ****wits1 is deemed to be different from ****wits2
This is the complete opposite of what my incredibly stupid employers intended.
But when questioned by the government's stalinist company-inspection ****wits, they can tick the box that says "We enforce password changes every X weeks, to improve security".
So they get a pat on the back.
And very poor passwords.
|