That our school makes us change passwords every 180 days. I cheat and just alternate between two.
It's what I call "yellow sticky note security" - it's when your password rules are so rigid, you force people to write it on a yellow sticky note and leave it by the computer.
At our office you change it every 60 days and you can't reuse the same pwd for a year BLAH
I also love it when IT guys force people to use @ for a and $ for s. That's like hiding your wallet in your sneakers at the beach.
Exactly... I used to be an IT director in a prior life and had too many conversations about security. The idea of too many password changes and making them difficult really reduces overall security, rather than improving it.
I have a bank here that I think has a pretty good system, they give you a choice of having a token key which is a bit of a pain to carry with you since you never know when you may need to log in, or... every time you log in, they send you a random code via SMS to your phone which you need to enter to proceed. This way you never have to change the general password but you do need your cell phone to get full access to your account.