Hacker News
Do Strong Web Passwords Accomplish Anything? (schneier.com)
7 points by soundsop on July 14, 2009 | 5 comments


"If I have to change it every XX days, I tend to pick very easy to remember passwords, and just change a digit at the end of it every time. As a result of this password "enhancement" system, I think I personally have much weaker passwords."

Assuming that "XX days" === 'less than 100 days', I totally agree.

We use a six-month password cycle at work, and I think that's reasonable as it only takes me a few days to remember a password that I use tens of times a day. If it's a password that I use less frequently or a change is mandated more frequently, then I would do the same as Bruce and use something more obvious or only make small changes to the password each time.


> [...] I would do the same as Bruce and use something more obvious or only make small changes to the password each time.

That's not Bruce. That was a comment from a reader.


Doh!


Indeed, this is a very good recall on the old security saying: "If I need your password, I call you and ask you for it."


Yes, it makes it easier for users to forget the password. Passwords should be strong enough that brute force attacks aren't easy, but some websites try to enforce ridiculously hard passwords, which eventually result in the user forgetting his password. Kinda defeats the purpose.



