These are unfortunately unavoidable. My organization needs to set policy for the use and control of non-expiring passwords. What are your policy recommendations and how do you control them?
