Frequent Password Changes Are a Bad Idea ↦

Cranor eventually approached the chief information officer and the chief information security officer for the FTC and told them what a growing number of security experts have come to believe. Frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.

[…]

Over the past few years, organizations including the National Institute of Standards and Technology in the US and UK government agency CESG have also concluded that mandated password changes are often ineffective or counterproductive.

Bingo.