How Often Do I Need to Change My Password?

How Often Do I Need to Change My Password?

For decades, the conventional wisdom of “periodically changing” your login password stood firm.  Concerns about passwords being stolen or discovered and threat actors gaining access to your valuable information caused this to be true and necessary.  However, more recently, the conversation has been expanded and the “rules” have changed. You may have read information from the National Institute of Standards and Technology (NIST) that says changing passwords is not only no longer necessary, but could be harmful leading to the use of simple or slightly varied passwords.  That comes with some caveats about how you are creating  your passwords and how you are securing them.

Let’s start by looking at best practice password hygiene.

  • Passwords should be at least 16 characters in length. This will not only make them near impossible to crack with a password cracking tool, but will also prevent them from being stored in a browser (which you should never do).
  • Passwords should be complex in nature. This means that they should include numbers, lower case letters, upper case letter, and special characters.  The easiest way to achieve this is by using a password manager that will generate the passwords for you and store them for future use so you never need to type them.
  • Multi Factor Authentication should be used for all systems that you log in to. This means that even if someone did get your password, they would not be able to login to the system without the second factor.
  • Password should be used for one and only one application. Reusing passwords increases the possibility of multiple systems being compromised if a single password is stolen.
If you are following all these practices, then it is not necessary to have an arbitrary periodic change of your passwords unless you are subject to a compliance which requires you to do so or using a system which requires it.

You should be sure to change your password in the following cases:

  • After a breach of your password
  • After using a public Wi-Fi system
  • After logging into your accounts from someone else’s computer
  • If it has been a while since you have logged into an account
Password hygiene is critical for the security of your data and systems.  Following these guidelines can help you protect your systems and not require you to change your passwords every 30-90 days as used to be the standard.

Recent Posts

Hosted VOIP For Educational Facilities

The Advantages of Hosted VoIP for Educational Institutions

The smooth operation of any educational institution relies heavily on effective communication. From ensuring clear communication between teachers and students to facilitating seamless interaction with parents and administrative staff, efficient information flow is paramount. However, traditional phone systems often fall short in meeting the demanding communication needs of today’s schools

hosted voip in healthcare

Boosting Patient Care with Hosted VoIP in Healthcare:

The healthcare industry thrives on efficient communication and collaboration. Timely access to medical professionals, clear communication between doctors and nurses, and seamless patient interaction are all crucial for delivering quality care. However, traditional phone systems often fall short in meeting these demands. Outdated features, missed calls, and inefficient call routing

network support provivder

Mistakes to Avoid When Searching for a Network Support Provider

In today’s digital age, a reliable network is the lifeblood of most businesses. It connects us to colleagues, clients, and critical resources, allowing us to operate efficiently and productively. When network issues arise – whether it’s slow internet speeds, frustrating connection drops, or even a complete system outage – the

What Does Vulnerability Scanning Do?

Vulnerability scanning is a process used to identify weaknesses or vulnerabilities in a computer system, network, or application. It involves automated tools that scan for known vulnerabilities in software, configurations, or network infrastructure. The primary purpose of vulnerability scanning is to proactively identify security issues before they can be exploited