I'm seeing more of this trend and actually like this "new" way of thinking about passwords. We've all bought into the "minimum eight-character passwords that must be changed every 30 days" mumbo jumbo. Based on my experiences as a consultant, security can remain strong if users are trained (this is key) on six- to 12-month intervals. We all know it's human nature to write down (and negate the benefit of) complex passwords that have no personal meaning, especially if they have to be changed often. I'm a huge believer in balancing security with convenience, because if it isn't balanced, no one but the hacker wins. Keep in mind that this is an ideal scenario. If you suspect a password is vulnerable because someone shared it, transmitted it via cleartext e-mail, stored it on an unprotected hard drive, etc., then those passwords may need to be changed more often.