It doesn't make sense because 90 days is too long. A password should be changed at least after 30 days - if they are strong enough. A cracker has 90 days to find out the correspondig password .....
Robert > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 17, 2003 8:02 PM > To: [EMAIL PROTECTED] > Subject: passwords > > > Hello all, > > one of the favorite subjects in my company seems to be the strength of > passwords. We force our users to change their mail password every 90 days. > Does this make sense? Why? > > -- > ullmic > > > >