regularly changing your password won’t change a thing

I was sitting there musing about the fact that of the 40 odd work systems with separate passwords I have access to, about half of them have to be changed regularly. A couple of them offend me particularly greatly by expiring after just 30 days. After giving it some thought, I couldn’t actually understand what additional security would be conferred by changing passwords regularly. Funnily enough, Gene Spafford from CERIAS at Purdue agrees – check out some of the myths about security and passwords these days.