Originally Posted by
mkilmo
But it's important. Seriously. You may ask yourselves, what the problem? what can happen (btw, a hacker which will try all combinations will just get locked out, because modern systems which identify excessive number of tries just lock the account)?
I realise that, and am as concerned as anyone else about computer security. However, forcing a password change every 3 months results in LESS secure systems, not more secure systems, for the reasons explained above.