Our system will prompt you to change password every 90 days.


Why change password often ?


The reason password expiration policies exist, is to reduce the problems that would occur if an attacker obtain the password hashes of your system and were to break them. These policies also help minimize some of the risk associated with losing older backups to an attacker.

For example, if an attacker were to break in and obtain your shadow password file, they could then start brute forcing the passwords without further accessing the system. Once they know your password, they can access the system and install whatever back doors they want unless you happen to have changed your password in the time between the attacker acquiring the shadow password file and when they are able to brute force the password hash. If the password hash algorithm is secure enough to hold off the attacker for 90 days, password expiration ensures that the attacker won't gain anything of further value from the shadow password file, with the exception of the already obtained list of user accounts.