[tacticalogic]

A lot of that is what I call "busywork IT security junk" that doesn't really provide any more security except for IT jobs. . . It lets them show their non-IT superiors, who they don't really consider their "superiors," that they are "doing something" to justify what they are being paid. . . especially the busy work of requiring everyone, including the boss to change passwords every-so-often, whether they want to or not.

That just shows how ignorant you are of enterprise IT environments. Those password requirements are put into place to satisfy the IT security auditors that were hired by those "non-IT superiors".

[Swordmaker]

That just shows how ignorant you are of enterprise IT environments. Those password requirements are put into place to satisfy the IT security auditors that were hired by those "non-IT superiors".

Who support the IT people's jobs. . . and are invariably Windows oriented and biased to a man. I've run into them. It's still worthless busy work that gains no added security. . . for example, requiring people to change passwords too frequently merely forces them to write the new passwords down in some convenient place—always close to their computer and easily found, usually on a sticky note somewhere near their computer monitor, or even on the bottom of their keyboard, or taped to the pull out writing extension of their desk, with a list of previous passwords with lines through them—instead of memorizing them. I've seen this too many times. That's security?