"I think the constant need to cycle new passwords (sometimes every few weeks) is because too many CSOs/CIOs/CTOs watch bad Hollywood movies.

Or because Password Policy is built into the software, whether that be Active Directory, LDAP, Oracle or SQL Server or whatever, password expiration is often a checkbox on the account details.

If it's there, then the security audit people expect it to be used. I've had some discussions with the security people about non-expiring passwords because they don't understand that a non-user account (like one that is used for a Windows Service) should not be on the auto-expiring password policy.

