“Your password will expire in X days.” That pop-up or email is all-too-familiar for employees at organizations requiring login credentials with the common “90- or 45-day rule” for changing or updating passwords. It’s a security best practice designed to help keep your accounts—and your organization—secure from hackers and nosy coworkers. But does it really?
While the “90-day rule” has been around for years, and there’s wide swings in how individual companies decide to enforce it, the outcome remains the same. Employees around the world stop what they’re doing, dream up a new, hopefully strong password, and apply it as quickly as possible so they can get back to the work at hand.
