every three months at least. · For each time of changing password, it should not determine new password similar to the latest password. · do not determine the password in the typical form such as “abcdef