Password Expiry is a Terrible Policy

Posted on January 29, 2019 in Information Security

A pet peeve, and an opinion, triggered by a recent experience:

Regularly occurring enforced password expiry is a terrible policy, whether it is every 60 days or every 12 months. As a policy, it encourages users to choose the minimally secure password. Given a set of password complexity requirements (length …

