Changing passwords frequently is not always a good solution
Until recently, IT experts recommended changing passwords regularly to reduce the risk of stealth theft or hacking by hackers.
Baltimax IT engineer and ESET expert Gediminas Mikelionis says that trends are changing. “Recent research shows that frequently changing passwords according to a set schedule does not necessarily increase account security. In other words, there is no one universal answer when you should change your passwords,” says G. Mikelionis.
A cybersecurity expert explains why it’s not recommended to change passwords every few months:
- users tend to choose weaker and memorized combinations when they know that they will have to change them again soon;
- the updated password is often similar to the old one, only slightly changed, for example, a number is added;
- this practice gives a false sense of security: if the previous password was already insecure and the new one is not stronger, hackers can easily crack it again;
- new passwords and those created every few months are more likely to be forgotten or written down somewhere, although, in this case, others can easily find them.
When is it necessary to change the password?
There are some cases where you need to change your password, especially for the most important accounts.
When a password is leaked to third-party databases, it is likely to be reported by service or password manager providers performing automated checks on the dark web.
It should also be changed when the password is weak and easily guessed, included in the list of most frequently used passwords, or used repeatedly in several accounts. Additionally, you should be quick to change your password if you discover that your device has been infected with malware, you’ve shared your password with someone else, removed people from a shared account, or logged in on a publicly accessible computer, such as a library.
It’s important to remember that it’s not enough to just change your password – it needs to be reliable. Cyber security expert G. Mikelionis presents two basic rules that he himself follows when creating passwords.
“When creating a password and trying to remember it, I convert a simple word into symbols and numbers. For example, I change from “password123” to “5l@pt@z0d1s123″. In exceptional cases, I do not know the password at all, because I remember the password combination on the keyboard. The second rule is that I always use two-step authentication if the system supports this function”, advised Gediminas Mikelionis. 7 tips to protect your data:
- always use strong – long and unique – passwords;
- store them in a password manager that will have one master login password and can automatically remind you of all your passwords for any website or app;
- watch for alerts about compromised passwords and take immediate action upon receiving them; 4. whenever possible, enable two-factor authentication to provide an additional level of security for your account;
- consider enabling access keys (eng. passkeys) to allow you to seamlessly and securely access your accounts using your phone;
- consider doing a regular password review: Review the passwords for all your accounts and make sure they aren’t duplicated or easily guessed. Replace any that are weak, repetitive or that may contain personal information such as birthdays, names of family members or pets;
- don’t store passwords in your browser, it’s a popular and easy target for hackers. Hackers can steal passwords using malware. In addition, saved passwords could be seen by any other person using the same device.
