Big enterprises that force their workers to change their access passwords on a regular basis, and adhere to complex rules when they do, might be their own worst enemy. At least that's how Boston Globe editor Mark Pothier sees it, and he cites a Microsoft research paper as part of his argument against that and other seemingly perfunctory IT rules.
We prefer using a solid root password and subtle variations to implement secure passwords, along with easy-but-secure browser tools. What does your own office require of your passwords, and do you think it helps or hurts? [Boston Globe via Gizmodo]