In the computer age, one of the things we all need to deal with is passwords. I have so many of them. At work, there used to be a ton of password policies. One of them was forcing people to change their passwords every 90 days, for no reason, even if there were no signs that the password had been compromised. It was change for the sake of change. This was one of my biggest peeves at work. It didn’t seem to make things more secure; it just inconvenienced employees.
Recently, the National Institute of Standards and Technology (NIST) in the US released a new set of guidelines for passwords. Among the many recommendations was not forcing people to change their passwords without a legitimate reason. Yes! Finally!
The security people at work must have read the new guidelines, because the new company policy now allows passwords to be valid for a period of up to several years. If a reason comes up to change the password immediately, only then will employees be forced to do so. Otherwise, passwords will remain the same for a long time.
I recently switched over to a new password and if I’m lucky, it will be the password I use for years to come.