No, I would not like to change my password
One of the more annoying aspects of business software is the password expiration reminder. You know the one. “Your password will expire in 14 days, would you like to change it now?” The reminder would not be nearly so annoying if:
- Your password wasn’t expiring every 3 months already. Changing your password 2 weeks early if it lasts a year? Not a huge deal. Changing it early when 2 weeks is roughly 15% of your allotted time? Not gonna happen.
- The system would either apply a decreasing backoff (e.g., 1 week, 3 days, 1 day) or allow you to tell it when to remind you again (including never). But sadly these systems insist on reminding you every… single… day… until you finally change it.
IT departments could lengthen their password duration periods (which would also solve other problems), but somehow I don’t see that happening. In fact, the trend seems to be the reverse: shorter and shorter password periods. Perhaps eventually the password period itself will reach 2 weeks, at which point every day can yield a new password change reminder.
Or software developers could check to see whether you’ve already acknowledged a password change reminder and realize that if there’s more than a day or two to go you probably don’t need another reminder right away. Because as hard as it might be to believe, some people don’t change their passwords as soon as they’re reminded.
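A sketch of the reminder logic suggested above, as an added example rather than code from any real product. It assumes the 7/3/1-day backoff from the list, a stored date for the last dismissed reminder, and an optional user choice of when to be reminded again; all names (`BACKOFF_DAYS`, `NEVER`, `next_reminder`, `should_remind`, `simulate`) are hypothetical.

```python
from datetime import date, timedelta
from typing import List, Optional, Union

BACKOFF_DAYS = (7, 3, 1)  # days before expiry, taken from the post's example
NEVER = "never"           # hypothetical sentinel for "don't remind me again"

def next_reminder(expires: date, acked_on: Optional[date] = None,
                  remind_on: Union[date, str, None] = None) -> Optional[date]:
    """Earliest date a reminder may be shown again, or None for no more."""
    if remind_on == NEVER:
        return None
    # A user-chosen date wins until the reminder shown on that date is dismissed.
    if isinstance(remind_on, date) and (acked_on is None or acked_on < remind_on):
        return remind_on if remind_on < expires else None
    slots = [expires - timedelta(days=d) for d in BACKOFF_DAYS]
    if acked_on is None:
        return slots[0]
    # Skip every slot on or before the day the user last dismissed a reminder.
    return next((s for s in slots if s > acked_on), None)

def should_remind(today: date, expires: date, acked_on: Optional[date] = None,
                  remind_on: Union[date, str, None] = None) -> bool:
    if today >= expires:
        return False  # already expired: that is a forced change, not a reminder
    due = next_reminder(expires, acked_on, remind_on)
    return due is not None and today >= due

def simulate(expires: date, first_day: date,
             remind_on: Union[date, str, None] = None) -> List[date]:
    """Days on which a user who always dismisses would see the reminder."""
    shown: List[date] = []
    acked, day = None, first_day
    while day < expires:
        if should_remind(day, expires, acked, remind_on):
            shown.append(day)
            acked = day  # record the acknowledgement so tomorrow stays quiet
        day += timedelta(days=1)
    return shown

if __name__ == "__main__":
    expiry = date(2024, 3, 31)  # constructed sample expiry date
    print(simulate(expiry, expiry - timedelta(days=14)))
```

Over the 14-day window the post complains about, a user who dismisses every prompt sees three reminders instead of fourteen.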