Password Complexity

There must be something in the water cooler over at Information Week, because I think this week’s Secret CIO column is right on the money, and I usually disagree with him, or skip the column because it’s just whining about corporate politics.

He talks about the common sense that short password expiration times, combined with prohibiting re-using of a large number of passwords, just force people to write them down – with a net loss of security. It’s perfect timing for me, as we’re currently reviewing our own password policy, and this is perfect reinforcement for not making it too draconian.

