Users are required to periodically change authentication
information. Examples include periodic password change requirements,
use-based change requirements, and protection against reuse of passwords or
trivial variations on past passwords.
Complexity: This makes things a bit harder on the users.
fc@red.a.net