How often should employees of a company be required to change their computer passwords, and should they be prohibited from reusing previous passwords?
Computer security experts agree that passwords should be changed every one to three months. To be honest, a password change every day is the only truly secure system, and one that is not going to be used by anybody. Many company executives have complained that mandatory password changes are costly in terms of productivity, and some computer security experts argue that frequent password changes add only marginally to security. That argument is a little weak, however, because it assumes repeat use of passwords by employees, and minor variations in passwords, such as changing which among a series of letters is capitalized. If employees are required to change passwords regularly, and to use random series of letters, numbers and symbols, the chances of their computers being remotely accessed diminish.
People routinely use and reuse easy-to-remember passwords because of the difficulty of remembering so many passwords. It is often considered a bad idea to write them down, as that would make it easier for somebody to steal the information. The chances that their computers will be hacked by somebody sitting at or near their desks, however, are remote, as most hackers are not located near the computers they are attacking, and are often literally thousands of miles away. Writing down the password and storing it in a safe place is an option, assuming employees can trust each other.
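The reuse and capitalization-only variations discussed above can be rejected at password-change time. The following is an added example, not part of the original answer: a sketch of a per-user password history that refuses exact repeats and case-only variants, plus a generator for random letter, number and symbol passwords. The names `PasswordHistory`, `random_password`, `HISTORY_DEPTH` and `ITERATIONS`, and their values, are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import string

ITERATIONS = 100_000   # PBKDF2 work factor (assumed value)
HISTORY_DEPTH = 5      # number of previous passwords remembered (assumed value)
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _digest(password: str, salt: bytes) -> bytes:
    # Hash the case-folded form so "Winter2024!" and "wInter2024!" match.
    # Trade-off: a history entry protects slightly less entropy than a
    # case-sensitive login hash, so store history separately from it.
    folded = password.casefold().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", folded, salt, ITERATIONS)


class PasswordHistory:
    """Salted hashes of the last HISTORY_DEPTH passwords for one user."""

    def __init__(self):
        self._entries = []  # list of (salt, digest), newest last

    def is_reused(self, candidate: str) -> bool:
        # Re-hash the candidate under each stored salt, constant-time compare.
        return any(
            hmac.compare_digest(_digest(candidate, salt), stored)
            for salt, stored in self._entries
        )

    def change(self, new_password: str) -> bool:
        """Record new_password; return False if it repeats a remembered one."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _digest(new_password, salt)))
        self._entries = self._entries[-HISTORY_DEPTH:]
        return True


def random_password(length: int = 16) -> str:
    # Random letters, digits and symbols drawn from the OS CSPRNG.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    history = PasswordHistory()
    print(history.change("Winter2024!"))      # constructed sample value
    print(history.change("wInter2024!"))      # case-only variant
    print(history.change(random_password()))
```

Only plaintext-free salted hashes are kept, so the history cannot be read back into the old passwords directly.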