There is a fine balance between duration of expiring passwords and security: the more often you force a password change, the more passwords a user has to create, so the weaker the passwords (and security) become - either through the use of simpler "words", the use of a formulaic method to create passwords (which means the next password will be known if the current password is known), or they write them down (even if explicitly told not to).
There is a fine balance between duration of expiring passwords and security: the more often you force a password change, the more passwords a user has to create, so the weaker the passwords (and security) become - either through the use of simpler "words", the use of a formulaic method to create passwords (which means the next password will be known if the current password is known), or they write them down (even if explicitly told not to).