Tod DeBie writes: "The IT department at my company recently put in a policy requiring everyone to change their passwords every 90 days. This was done supposedly to improve security. I think this policy will cause users to write their passwords down, use more easily guessable passwords and otherwise do less secure things. What does Slashdot think? Does this policy improve security?"