Unfortunately, many companies still have security policies according to frequently password changes for endusers. Which first sounds like a good idea may fastly result in a less better security – I also often call this security by obscurity. So, why is password rotation a bad idea nowadays? First, let us have a look at the past before year 2000, where users had really short passwords with less than 10 characters. Many dynamic websites (e.g. free mailers, etc.) at that time enforced a passwo...
