Why the 90 Day Rule for Password Changing?
One of the key guidelines of changing behavior is focus on the fewest behaviors that address the greatest risk. When you take this approach, you will soon find the hardest part about effective awareness is deciding what NOT to teach people. For example, a frustration of mine is the old adage always change your passwords every 90 days. Why? This rule may have had value eons ago, but let’s take a look and see what the value (and costs) truly are.