12 Jun
2009
12 Jun
'09
1:26 p.m.
Daniel Seagraves wrote:
(In reality however, I am most likely giving up my
password expiration
policy. The users are complaining to the owner about having to change
their password every 60 days, and the owner has told me if they
continue to complain the policy will be abolished
In my opinion, having a password
expiration policy with such a short
period is counterproductive. It will cause the users to be more sloppy
with their passwords in various ways, including leaving the passwords
written down in places they can easily be found. It will also make
users favor weaker, more easily guessed passwords, even if the system
sets minimum requirements; users are more willing to memorize a stronger
password if they're going to use it for a fairly long time.
Eric