Is your Password Policy up to scratch? Many organisations require their users to regularly change their password. Is that really such a good idea?