In my Security in the Real World workshop I spend more time than I feel I should on passwords: picking good ones, password storage, and Windows password control. One thing that I say that always surprises the students is that it’s o.k. to write your passwords down, just store them in a safe place such as your wallet. (Steve Gibson of Gibson Research is the one who turned me on to this opinion.) This article from Security Pro News now says that changing your password monthly “has little to no impact on network security”.
“So why is your network manager such a psychotic out-of-touch maniac when it comes to forcing users to change passwords on a monthly or quarterly basis? He’s just following orders; unfortunately those orders were given at a time when the Mohawk had certain appeal as a hairstyle.”
I guess I need to update my PowerPoint slides for that workshop.
From another perspective, I’ve got a design complaint about the site hosting this article. When I went to print the article for easier reading, I clicked on the “print version” link. Instead of giving me the expected non-formatted, non-advertised version for printing, all the link did was issue a print command. (Shown below.) Talk about breaking user expectations.