How long do you think you should force users to change their passwords? I have a policy to force changes every 60 days. That would mean that they have to change their passwords about 6 times a year. Some users complain that they are running out ofpasswords because they are not allowed to reuse passwords. It’s better to be safe than inconvenienced.
