Interesting article from ZDNet. This is why I prefer a company specified and IT retained password for small organizations. It also means that IT support work can be done outside business hours so as not to impact on staff productivity:
Forcing users to change their passwords may do more harm than good: (ZDNet) http://www.zdnet.com/article/forcing-users-to-change-their-passwords-may-do-more-harm-than-good/
Further, Cranor notes that "There is also evidence from interview and survey studies to suggest that users who know they will have to change their password do not choose strong passwords to begin with and are more likely to write their passwords down."
digitalwelcomemat now has a blog!
Subscribe for the news as it happens, call me for support on 0404 493 770 or access my remote support solution here: http://help.digitalwelcomemat.com/
Digitalwelcomemat provides IT consultancy and services for business customers on the NSW Central Coast in Australia.