Why should one consider changing passwords frequently? Is it safe for one to do so? Does it increase a user’s safety towards cyber-attacks?
Well, we have all of your questions covered. Does the problem start with how often you change your password? We bet some of your credentials are more than a decade old.
- On a simple note, your password is the only thing that stands between a stranger and your private data. With that in mind, when was the last time you updated your device password? We show you how to change it right now.
- Most of us only change our passwords when a situation forces us to. In most cases, that only happens when you can’t remember it, or when an app or your company forces you to create a new one every few months.
- This raises the question of which approach is right. Should you leave your password unchanged for years, or should you change it as often as the seasons?
These are the pros and cons of changing the password too frequently:
- It makes your account a little bit more secure.
- It is generally said that changing your password frequently makes your account more secure.
- The argument goes that if you’re the unwitting victim of a particular leak, changing your password regularly quickly invalidates the details that a would-be hacker has on file.
- Similarly, if someone has access to your password and your data without your knowledge, it prevents the person from snooping on you for an extended period. It’s why IT Managers around the country are so obsessed with foisting forced resets on you every couple of weeks.
- Is the argument valid? Yes, but it’s not as clear-cut as you might expect. Even if we assume that your new passwords are as strong as the previous ones, the practice has a comparatively minimal benefit.
- A paper from Carleton University explained that attackers who have access to hashed password files can perform their attacks offline, which lets them test large numbers of passwords in a short amount of time. Weak- and medium-strength passwords are at risk.
- The paper gives a mathematical proof that frequent password changes hamper such attacks by only a negligible amount. The benefit is also certainly not worth the inconvenience it brings to users.
- Instead, the paper recommends that system administrators use slow hash functions like bcrypt. Users are not inconvenienced, and the slow hash makes it much harder for attackers to test a large number of passwords quickly.
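As an added example (not from the Carleton paper or this article), the Python below shows why the slow-hash recommendation works: it compares the per-guess cost of a single SHA-256 round with PBKDF2-HMAC-SHA256, which stands in for bcrypt here because it ships in the standard library, and shows how an administrator would tune the work factor. The salt, sample input and iteration counts are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import time

# Constructed per-run salt; in a real system every user gets their own random salt.
SALT = os.urandom(16)

def fast_hash(password: bytes, salt: bytes) -> bytes:
    """A single SHA-256 round: cheap, so an offline attacker can test guesses very quickly."""
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256 (stdlib stand-in for bcrypt): deliberately expensive per guess."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def verify(stored: bytes, candidate: bytes, salt: bytes, hash_fn) -> bool:
    """Constant-time comparison of a stored digest against a freshly hashed candidate."""
    return hmac.compare_digest(stored, hash_fn(candidate, salt))

def hashes_per_second(hash_fn, samples: int) -> float:
    """Measure how many hashes of one candidate this machine computes per second."""
    candidate = b"constructed-sample"  # constructed input; cost does not depend on its value
    start = time.perf_counter()
    for _ in range(samples):
        hash_fn(candidate, SALT)
    return samples / (time.perf_counter() - start)

def slowdown_factor() -> float:
    """How many times fewer guesses per second the slow hash permits than the fast one."""
    return hashes_per_second(fast_hash, 2000) / hashes_per_second(slow_hash, 3)

def tune_iterations(target_seconds: float = 0.1, start: int = 50_000) -> int:
    """Double the PBKDF2 iteration count until one hash costs at least target_seconds."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        slow_hash(b"x", SALT, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2

if __name__ == "__main__":
    print(f"slow hash cuts the guess rate by roughly {slowdown_factor():,.0f}x")
    print(f"iterations needed for >= 100 ms per hash here: {tune_iterations()}")
```

The user still logs in with one hash computation, while an offline attacker pays the same cost for every guess.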
Your New Password Is Likely to Be Insecure
We’re sure that you don’t need us to tell you how to create a secure password, but the advice is always worth repeating, since some might not know:
- Use a mix of letters and numbers in your password.
- It should use some uppercase and some lowercase letters.
- Ideally, it should contain special characters.
- It should preferably be more than 12 characters long.
Those four points are easier said than done. Creating passwords that fulfill all of the above requirements and then remembering them takes a lot of mental energy.
- Again, it’s a scientifically proven phenomenon. In 2010, researchers at the University of North Carolina released a research paper titled “The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis.” For the research, they studied password histories from defunct accounts at the university.
- The study analyzed more than 10,000 old accounts and 51,141 passwords. The researchers performed an offline hash attack and cracked 60 percent of the credentials they had gathered. Of those cracked credentials, 7,752 were not the final password used on the account.
- They then used that data set to see if they could extrapolate other passwords connected to the account. The results were amazing: in 17 percent of cases, the next password used on the account could be guessed in under five seconds.
- But why? The study concluded that people tend to make minor alterations when forced to change passwords frequently. For example, Sausage123 might become $ausage123, hello cheese! might become hello cheese!!, and so on.
When Should You Change Your Password?
- At the start, I joked that you probably have some passwords which are approaching their tenth birthday. But is that a joke?
- The evidence we’ve looked at so far appears to suggest that long-lived passwords might be a good thing. So, what’s the truth here? You just need a bit of common sense.
- Of course, if you suspect someone is accessing your account without your authorization, you should change your password. If you suspect that someone was watching you when you were entering your online banking credentials, then you should change your password immediately. Also, if you have to “loan” your password to someone else, you must change it.
How to Check if Someone Has Access to Your Facebook Account
- It’s both sinister and worrisome if someone has access to your Facebook account without your knowledge. Here’s how to know if you’ve been breached.
- And if you think you’ve accidentally become the victim of a phishing scam, you should change your password.
- No matter what, in all cases, you need to make sure that your new password has no resemblance to the old one. Don’t use the same core word. Try not to put the same special characters in the same positions. Also, don’t try something like writing your old password backward.
- Also remember to change your password on any other accounts that use similar credentials. For example, if your Facebook password is sun1 and your Twitter password is 1sun, you must change both of them.
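An added example, not from the study or this article: a Python check an administrator could run at password-change time that rejects a new password which is a trivial transformation of the old one (written backward, only a few characters different, the same core word, or the same special characters in the same positions), following the advice above. The symbol-swap table and the edit-distance threshold are assumptions chosen for this example.

```python
import re
from typing import Optional

# Swaps people use to "change" a password while keeping the same word, as in the
# study's Sausage123 -> $ausage123 example. Table constructed for this example.
LEET = str.maketrans({"$": "s", "@": "a", "!": "i"})

def core(password: str) -> str:
    """Letters-only core word: lowercase, undo common symbol swaps, drop digits/symbols."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))

def special_positions(password: str) -> set:
    """Indexes at which non-alphanumeric characters sit."""
    return {i for i, ch in enumerate(password) if not ch.isalnum()}

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch small tweaks such as hello cheese! -> hello cheese!!"""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def too_similar(old: str, new: str, max_edits: int = 2) -> Optional[str]:
    """Return why the new password resembles the old one, or None if it is acceptable."""
    o, n = old.lower(), new.lower()
    if n == o[::-1]:
        return "new password is the old one written backward"
    if levenshtein(o, n) <= max_edits:
        return "new password differs from the old one by only a few characters"
    oc, nc = core(old), core(new)
    if oc and nc and (oc in nc or nc in oc):
        return "new password reuses the old core word"
    if special_positions(old) and special_positions(old) == special_positions(new):
        return "same special characters sit in the same positions"
    return None

if __name__ == "__main__":
    for old, new in [("Sausage123", "$ausage123"), ("sun1", "1sun"),
                     ("Sausage123", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {too_similar(old, new) or 'acceptable'}")
```

The check only sees the plaintext at the moment of the change, so it adds no stored data beyond what a password-history policy already keeps.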
What About Forced Password Resets?
- But what about forced password resets? Is it a good idea for an app or your employer to force a new password on you? Probably not.
- In 2009, the National Institute of Standards and Technology said regular password changes are “beneficial for reducing the impact of some password compromises,” but in the long run were “ineffective for others.” Users were also frequently left frustrated by the forced change. Companies need to strike a compromise between security and usability.
The Bottom Line
- The arguments given here might sound complicated, but they are easy to summarize.
- User-initiated frequent password changes make users marginally more secure, provided the new password is highly robust.
- Enforced frequent password changes often have a negative effect, because users choose less secure credentials.
- Now we want to hear your thoughts on the debate. Are you confident in your ability to choose a secure new password frequently? Or are you happy using the same old password on all your accounts?
- Remember, if you frequently create complicated new passwords, make a habit of using a password manager app like LastPass. You won’t need to recall the passwords yourself.