[unisog] Anyone have a citation for an academic research study on whether mandatory password changes increase security?

Michael Holstein michael.holstein at csuohio.edu
Mon May 7 12:45:21 GMT 2007


> Anyone have a citation for an academic research study on whether 
> mandatory password expiration and changes increase security?

The main problem with this is (as always) the human element.

People will choose a sufficiently complex password to satisfy your 
filter, and then just get annoyed at changing it, e.g.:

c0mplexpa$$w0rd

(and then)

c0mplexpa$$w0rd
c0mplexpa$$w0rd
c0mplexpa$$w0rd

