When enterprise and security administrators set the time for which passwords remain valid, they typically decide how often a user must select a new password to access the enterprise's assets. They must also decide how complex the password must be. These two configuration parameters compete with one another, and administrators resolve them through a compromise.
For example, if the password complexity is too high and the interval between required password changes is too short, users will have difficulty creating and remembering passwords. Conversely, if the password complexity is too low and the interval between changes is too long, the security of the enterprise's assets may be too easily compromised by intruders.
Compounding this, some users may prefer complex passwords with longer expiration times, while other users may prefer simple passwords with shorter expiration times. Yet conventional password administration takes a global approach that is focused on the enterprise as a whole, or on particular assets of the enterprise, without regard to the individual preferences of the users. Consequently, administrators generally adopt one global standard that attempts to adequately address as many competing interests as possible.
However, such global approaches ignore the usability issues associated with the individual preferences of the users. Thus, what is needed is a mechanism that allows for the custom modification of security access expiration conditions.