This post is the first in a series which I call “The flat earth posts”. In each post I discuss a commonly held truth which is a) untrue, b) hinders progress and c) causes unecessary work.
Many organizations force their users to change their passwords every 3 months or according to some other regular schedule. This policy is based on old established security policy “wisdom” that has been around for a long time, and which is seldom questioned.