There’s a lot of advice out there for proper password management: Each of your passwords should be strong and unique; use a secure manager to store your passwords; use two-factor authentication (2FA) to add an extra layer of security to your accounts. But there’s another piece of advice that is held in the same regard as the others: Change your passwords often—perhaps once every three months. This habit is so emphasized, many companies and organizations will make you change your passwords multiple times a year in the name of security. The thing is, in all likelihood, this isn’t actually doing anything to help your security.
This idea that changing your passwords multiple times a year is a cornerstone of your security, might be engrained in some of you. After all, it’s not new advice. As PCMag examined, the practice goes back a long time: When security experts write about passwords, they often write about changing passwords, too. It’s just the way the advice has been presented. But that’s likely because it’s anticipating and responding to bad security habits.
Good passwords don’t (usually) need to be changed
Changing your passwords really only makes sense when your passwords are compromised. After all, if no one knows your password, why change it? Still, passwords are cracked all the time. As such, it might seem logical to frequently switch yours up: You never know which of your passwords could be guessed, right? So might as well keep those bad actors on their toes.
But let’s take a step back: There’s no reason any of your passwords should be guessable. If a hacker is able to guess your password, it’s a bad password, and you shouldn’t have been using it in the first place. I’ll take it a step further, and say none of your passwords should be crackable by a computer, either—at least, not on a timeline where it matters.
Disclaimer
The information contained in South Florida Reporter is for general information purposes only.
The South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service.
In no event shall the South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice.
The Company does not warrant that the Service is free of viruses or other harmful components
