How Forced Password Expiration Affects Password Choice
Authors: Bruce K. Marshall

Abstract or Summary:
Password expiration is an easy audit check box to tick off since we know user passwords come under constant attack in a variety of ways. Whether we choose 90 days, 6 months, or some other standard we tend to agree that passwords shouldn't last forever.

However, users don't always share our commitment to security and may react to forced changes by making their new password a variation of their old one. Some professionals have questioned whether the associated stress and productivity impacts are worth continuing the practice.

In this talk we'll compare the actual passwords of corporate users, some subjected to scheduled password expiration and some not. The goal is to provide quantifiable data to help you determine whether password expiration makes sense for your organization. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019