... so many times in my time as an Admin, when I ask a user to log in for me because of not knowing their password, I've been able to gain their password just by watching them type it in. If I can get their password that way, how many others can get it the same way?
If the user isn't careful when typing their password and makes it visible to anyone standing around or walking by, it makes a lot of sense to force a change.
We here force a change every 65 days; I'm for making it 20 - 30 days for a forced change. It makes more sense to me because I have found out that the shorter the time between passwords, the less the users forget them, because they don't have to try to remember them for so long before the next change.
I don't care for writing passwords down, but if a user needs to do that in order to remember their password, then they should place it in a more secure location than on their monitor. I've had some place it on the underside of their desktop, or in their Day-Runner, or in some other less accessible location.