Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gochas. CC BY-SA 4.0/Apache License 2.0

Who does recommend changeing password periodically and who doesn't

Who recommends changeing password periodically

Some say you should change password periodically.

I think IPA should have another report that denies the effect of periodic password changing, but I cannot found a such information.


Who doesn't recommend changeing password periodically

Some say you don't have to (or should not) change password periodically.

Who neither recommends nor denies changeing password periodically

  • ISMS (ISO/IEC 27001:2013)

  • In Japanese: JIS Q 27001:2014

    A.9.2.5 資産の管理責任者は,利用者のアクセス権を定められた間隔でレビューしなければならない。 A.9.3.1 秘密認証情報の利用時に,組織の慣行に従うことを,利用者に要求しなければならない。


You can choose either one of them according to what your customer said!


Add 教育情報セキュリティポリシーに関するガイドライン案 (MEXT)


Add コンピュータウイルス・不正アクセスの届出状況[2010年2月分]について(IPA) and JIS Q 27001:2014