How often are enterprise users required to change passwords?
Study: Benchmarking: Passwords -- The Sad Truth About Security
Date: October 2006
22% of enterprise IT users are required to change their passwords as frequently as once a month.
34% are required to change their password every one to three months.
23% are not required to change their passwords.
Requiring users to change their passwords often didn't drive a greater use of written password records either.