Microsoft conducted a study to weigh how effectively frequent password changes prevent cyber attacks and found that the advice generally doesn't make much sense. In this context it is surprising to see the IT departments making regular scheduled password changes as mandatory. Frequent password changes are simply a waste of time and, therefore, money.
According to the Microsoft researcher's very rough calculations each minute per day that computer users spend on changing passwords or on any security measure should yield $16 billion in annual savings from averted harm.
Now new research proves what you've probably suspected ever since your first pop-up announcing that your password has expired and you need to create a new one. This presumed security measure is little more than a big waste of time, the Boston Globe reports.
The study brought out the reason, someone who obtains your password will use it immediately, not sit on it for weeks until you have a chance to change it. "That's about as likely as a crook lifting a house key and then waiting until the lock is changed before sticking it in the door," the Globe says.
