Oh I
have no problem with regular forced password changes, say quarterly or
so; I'm used to that in other contexts. But not a one-time password, which
will actually increase risk because people will choose "keep me logged in"
to avoid having to get a new password every time they want to log in.
I believe there's some research to suggest that quarterly password
changes decrease overall security. I personally would not like having
to do that.
These tend also to be solutions coming from moneyed
countries, and some of
these things involve technology that is not globally available.
I'm not sure what you mean by that.
--bawolff