Frequent Password Changes Are a Bad Idea

Cranor eventually approached the chief information officer and the chief information security officer for the FTC and told them what a growing number of security experts have come to believe. Frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.

Over the past few years, organizations including the National Institute of Standards and Technology in the US and UK government agency CESG have also concluded that mandated password changes are often ineffective or counterproductive.