How Often Should I Change My Password?

November 19, 2018 12:16 pm

We frequently discuss passwords and password management on the blog. Almost everyone with an internet connection has an online account that requires login credentials (e.g., username and password), be it a Facebook account, email, or a college or university student portal. Creating these accounts is the easy part; managing their security, and passwords in particular, is where the problems start. So, how often should you change your password, and does your password need to be so complex? Let’s take a look:

Problems with Frequent Password Changes

It used to be that passwords were to be changed every 30, 60, or 90 days, as recommended by NIST (the National Institute of Standards and Technology). Recently, however, NIST rescinded its recommendation after realizing that most people do not change their passwords so frequently and that strict password management does almost nothing to improve security. Regularly changing passwords is seemingly unrealistic, especially since most of us access our various accounts every day, and creating and memorizing a unique and complex password for each account is an impossible feat.

When Should You Change Your Password?

So if the recommendation to change passwords monthly has been scrapped, then when should you make password changes? NIST now recommends:

  • Remaining vigilant and watching or reading news about online data breaches and hacking events. These are often reported as soon as they are found by developers and white hat hackers so that the public can be made aware and take the necessary steps to secure their information.
  • Keeping a watchful eye on your accounts. If there has been an incident of unauthorized access, review your personal data and settings, and then change the password.
  • Scanning your computer for malware or viruses. If a virus or malware is detected, use the cleaning program on your antivirus software, and then change your password.
  • Reviewing any shared accounts. If the person you shared the account with no longer uses the service, make necessary password changes so their access is restricted.
  • Changing your password after logging into your account via a public computer (e.g., hotel or library) or after accessing the account via public Wi-Fi (e.g., Starbucks).
  • Changing your password if it has been over a year since you last changed it.

Password Complexity

If you’ve made an account or had to change the password for an account in recent years, then you know that current password standards require a string of numbers, letters, and special characters at least 8 characters long. If you use a password generator to create unique and complex passwords, it will spit out a random string of these characters with lowercase and uppercase letters strewn throughout. A password like this is almost impossible to memorize because it is not personal to you. It’s true that a password should be relatively complex, but this complexity arises from using words or initials and numbers that have meaning to you. A password should still not be easy to guess. A password manager keeps your passwords organized by account so you don’t have to memorize them, so make use of one to store your unique passwords securely.

 

At M&H Consulting, we understand that passwords are your first line of defense against unwanted users accessing your accounts. We suggest following NIST’s recommendations concerning when to change your password. For more information about passwords and security for your business, contact M&H Consulting today, by phone at 1-(866)-964-8324, or visit our website at http://www.mhconsults.com.
