At Prophecy, we encourage complex and unique passwords, rather than arbitrary password aging policies. !
We’ve seen the bad habits these policies create, like the post-it note stuck to the desktop screen with the latest iteration of “passwordmay2017”
In recent years, more security experts have come around on the idea that people shouldn’t be required to change their password unless there is clear reason to do, primarily because people just don’t put in the effort to create secure passwords when they know they will have to change it in a few months.
- Is My Password Secure? NIST Advises Against Periodically Changing Passwords