How Forced Password Expiration Affects Password Choice
Date: August 2014
Publication: Passwords14 Las Vegas
Source 1: http://www.passwordresearch.com/files/How%20Forced%20Password%20Expiration%20Affects%20Password%20Choice.pdf
Abstract or Summary:
Password expiration is an easy audit check box to tick off since we know user passwords come under constant attack in a variety of ways. Whether we choose 90 days, 6 months, or some other standard we tend to agree that passwords shouldn't last forever.
However, users don't always share our commitment to security and may react to forced changes by making their new password a variation of their old one. Some professionals have questioned whether the associated stress and productivity impacts are worth continuing the practice.
In this talk we'll compare the actual passwords of corporate users, some subjected to scheduled password expiration and some not. The goal is to provide quantifiable data to help you determine whether password expiration makes sense for your organization.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=b9GFBBk7TzQ
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.