On Tuesday 12 March 2002 16:08, Nick Patellis wrote: > Several have asked why we are forcing password > changing since other web based systems, Schwab, > banks, etc, do not force password changes.
Other web based systems have their own password policy and they mind their own business. You don't have to follow their security model, and if I were you, I'd insist on periodical password changing for everything that includes business and/or money transactions. I presume password changing is important for your company to feel safer (as well as feeling safer for the customers), therefore you should keep asking for password change regardles of other policies around the world. In extreme case, you might help yourself giving the annoying customer the paper where (s)he claims that in any damage caused by lost/stolen/forgotten password your company can't be charged. Some of them will sign the paper, some of them will think twice. -- Radoslav Dejanovic Senior Associate to Mayor's Office City of Zagreb, Croatia
