Sometimes more security = less security.

Security Myths and Passwords. This should be a must-read for all IT managers… that “change your password every 30 days” policy could well lead to less secure passwords and more time spent resetting lost ones — so why do it?