31 Jan Should You Change Your Password?
New Ideas About a Common Practice
“Change your password” is ubiquitous in most IT and business circles. It seems like sound advice. If passwords change regularly, criminals have less of a chance to steal money and assets and wreak havoc.
We all know that changing your password regularly is annoying and frustrating. What we’ve seen for ourselves, and with our clients, is that password changes lead to weaker passwords. Password sharing and the worst of all security breaches, the “post-it note password on the monitor” syndrome, are also terrible practices.
Password changes alone will not stop hacking and cybercrime. We like the approach we’ve read on How-to-Geek and encourage you to check out the article. How-to-Geek is not the only one promoting a new approach to password management. It is time to rethink how we manage passwords as individuals and as business people. To be clear, we’re not advocating doing away with password changes. There is value in the practice. However, reevaluating password change theory and practice is a good thing.
Here’s a brief summary of some of our favorite insights and tips.
- It’s hard to remember good passwords. Because passwords are difficult to remember, people tend to make weaker passwords when forced to change that one, really good one they can remember.
- Changing it may not help. Most criminals are looking for a quick score. Hackers and thieves want to use your information, get what they can get, and disappear. Cybercriminals typically don’t hold on to passwords to commit a crime three months from now. The real task is making strong, unique passwords from the start.
- Your password is always vulnerable. Are you one of those people who use the same password for everything? The odds are your password is constantly leaked whenever a new site is compromised. Instead of changing the same password on different sites, make unique passwords for every site. Can’t remember them all? See our next bullet….
- Look into a password manager. Investigate LastPass or KeePass. These services store your site-specific passwords and allow you to access them when needed. In some specific instances, we’re not against writing the password down if you secure it properly. A safe deposit box or a home combination safe is ideal. Don’t leave passwords in an envelope in your desk.
- Business policy should be purposeful. Corporate IT departments should have a strong reason for forcing password changes. A specific event, like a hack, virus, or a disgruntled employee, qualifies as a real threat.
Check out How-to-Geek’s article to learn more about password management. Focus Data Solutions’ IT and Client Services team will continue to share more on password protections. If you want to talk about your company’s current password policies, contact John Patton, Director of Managed Services at email@example.com.