A school of thought within cybersecurity circles argues for an aggressive stance, urging companies to force their employees to regularly change their passwords. They argue that letting passwords go stale only raises the odds that hackers, given more opportunity to guess the right combination, will eventually hit pay dirt. The only downside, they say, is that some employees might find it harder to remember their new logon sequence a small price to pay if it fosters greater security. The more often users are forced to change passwords, the more vulnerable their organization is to attack, researchers say.”]
Source: https://www.csoonline.com/article/3099210/when-should-push-come-to-shove-over-cybersecurity.html