Besides, what does it mean if someone has been in IT longer than someone
else? I've been around for over 30 years, and I can say from the viewpoint
of someone being forced to change passwords at excessively short intervals
that it does not work! Everyone either wrote the new password down or would
print a screenshot of it. If they lost that, they would ask for another password
to be assigned, then write it down or take the screenshot. So, outside of a
bit of inconvenience to the user, what does forcing password change every
month accomplish? Not much. A strong password that is not easily guessed
but can be remembered seems to be a more reasonable approach.
edit to add...
those "new" ideas were rebuffed by the 15th century church leaders as well...
how dare those young heretics suggest the world is not flat but is round!!
Keep Up with TechRepublic