Periodic password change

From Safeval Wiki
Jump to: navigation, search

If the users are not forced to change their password periodically, they tend to use the same password for an indefinite time. This ends up weakening the safety of the mechanism since the password becomes susceptible to breakage by brute force (trial and error), by the observation of password entry, by the user revealing it to others and other social engineering techniques.

This security requirement is not universally accepted.