'IT's locked me out!' Dealing with mandated password change
<article>
<section class="page">
<p>
A reader who wishes to remain anonymous has a bone to pick with corporate IT. He writes:</p>
<p>My company forces us to change our email password every three months. I suppose this makes us more secure but it’s really inconvenient for me because sometimes I forget to change the password on one of my devices, that device tries to get my work email, the company’s system locks me out when it receives too many instances of the wrong password, and then I have to reset my password and start all over again. Can you recommend a technique that will prevent this from happening?</p>
<p>
Depending on how open your IT department is to new ideas, you might forward them a copy of Microsoft’s So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. It and other security studies suggest that the “best practice” of changing passwords every couple of months has outlived its usefulness. Not only are attacks more varied and swift than when these policies were put in place, but forced changes often cause users the kind of frustration that leads to greater security lapses (taping their new password to the monitor or simply creating a single-character variation of the old password, for example).</p></section></article>