Changing Your Password on a Regular Basis: Pros & Cons
Should you be changing your password on a regular basis? It’s a question that comes in a lot from SpeedyPassword readers. The simplest answer? It depends.
Cyber security risks have increased and hacking technologies have improved a lot in the past 10 years. So, using the same passwords for a whole decade absolutely puts your account security at risk. But changing your password on a regular basis just for the sake of “security” can also be a mistake – especially if it leads to the use of unsafe password reminder tactics like weak passwords and scribbled notes taped to your desktop screen.
The practice of changing passwords regularly continues to be a common security measure recommended by some IT specialists. We wanted to know why this is – and we’re sure you do too! So, we looked at both sides of the argument to find out if regular password updates are truly necessary…
Pros – Why changing your password frequently is recommended
Scheduled password changes are generally considered good practice for preventing “snoopers” from gaining access to your accounts and tracking your activity over an extended period of time. For example, if someone gained access to your email account, they could monitor your private communications over time or attempt to use your banking info to siphon off small amounts of money every so often. In theory, a regular password change would stop these criminal activities every few months – whether or not you were aware of the breach.
Many companies ask their employees to change their company passwords on a regular basis, as the flow of workers through an office can increase the chances of unauthorized access to sensitive corporate and employee information. Remote access to company databases also increases security risk, so changing passwords after sessions on outside devices reduces the chance that an outsider can gain (and keep) access to corporate information.
Cons – Why changing your password frequently is risky
Frequent changes make it more difficult to remember strong passwords (make sure you know how to build a strong password!). If you set yourself up to change 15-20 passwords every month, you’ll probably start to cut corners by repeating passwords across multiple accounts or using simple, easy-to-recall words or phrases. Compromising your account security with poor password practices is much riskier than keeping the same strong passwords for a longer period of time. A Microsoft study also found that password changes accounted for billions in lost productivity among workers!
If a cybercriminal gains access to your account, two things will most likely happen. First, the attacker will change your password to lock you out of the account. Next, they will do their damage right away in order to gain their profit quickly, and with less risk of being caught. It is less likely that someone would commit such a crime and then remain at the scene for a long period of time. In fact, this type of behavior would be most likely if the person accessing the account knows you personally and has a motive to “just” snoop – an instance, as you’ll see in a minute, where you should in fact change your password. Microsoft offers some suggestions on what to do if your account has been hacked.
The bottom line…
If your password is unique, strong and not compromised, there is no benefit in swapping it out for a new one. You can check the strength of your password here.
Regular password changes can cause more harm than good due to the limits of our human capacity to create and remember the long list of passwords that we need to use on a regular basis. Cutting corners with weak password practices puts your accounts at greater risk because weak passwords are easier for hackers to crack. And it is just as dangerous to keep detailed written lists of usernames and passwords on paper or in easy-to-access files that can be physically stolen.
This is why password managers were developed – to keep accounts properly secure, while helping us manage and remember the passwords we need. For example, SpeedyPassword creates a strong, unique password for each of your accounts, and then securely conceals and encodes the data (instead of storing it – which would be as bad as keeping a written list in your notebook!). All you need to do is remember one password – your master password – so you can be confident that your accounts are safe.
Here is where to proceed with caution about changing your password. You should change your password if:
- You have not verified that your master password is strong and unique enough to protect your account (test your password here);
- You have shared your master password with someone you no longer trust; or
- You have been careless about leaving your master password where others could access it unsupervised.
Luckily, we’re here to help. SpeedyPassword will help you generate a secure password, and keep you up-to-date with the latest password security news.
July 8, 2015 / By: Leah