Passwords

Security experts suggest changing your passwords every 90 days or so. Really? I am by no means saying that that’s not sage advice, but rather that that is extremely difficult. I am also sure that a number (I won’t go so far as to say “most”) of people actually write them down – though that too is in violation of the security suggestion.

While working, we were required to change our passwords at least every 90 days. Eventually our system was automated and we only had to change it in one “single sign on” tool, which helped a lot. But I work for a large bank, and they had the resources to be able to implement something like this. I am sure there are a LOT of smaller companies (and obviously maybe some bigger ones too) that can’t or won’t.

Our company (and my wife’s [at least before she left it]), in conjunction with the password security, would send people around, randomly, to inspect workers’ desks to make sure they were locked each night, there was no “Personal and Confidential Information” (aka PCI) lying around, and, most importantly, there were no passwords – like on a post-it – readily visible somewhere.

Even though we were required to change our password every 90 days, our automated system pretty much made us change it every 83 days so as to not get locked out. And those “your password expires soon” reminders started to pop up two to three weeks ahead of time. So when we logged in for the day, or (since we were required to “lock” our computers when we left our desks) unlocked our desktops, we’d get the same pop-up – until the password was actually changed.

While I’d like to think I came up with a clever way to keep my password updated so I can easily remember it, when I retire I’ll have one less password to keep track of. I certainly won’t miss that.
