When you create a username and password for an account, that password becomes less secure as time goes on. To protect your computer network from intrusions, it’s recommended you change your password about once every month. But is it actually necessary to change it that often?
The Misconception Behind Password Changes
One of the easiest ways for a hacker to get your personal information is by stealing your login credentials through a cyberattack. That’s why the Better Business Bureau (BBB) and most professionals recommend frequent password changes. The recommended interval may be every 30, 60, or 90 days. However, frequent password changes come with a problem.
How Frequent Changes Can Make the Situation Worse
The reasoning behind changing passwords on a monthly basis is logical, but it’s not realistic. Think of all the accounts you have passwords for; memorizing all those passwords even without changing them is incredibly difficult. Constantly changing passwords makes password management even harder, leading many employees to rely on insecure workarounds. For example, your employees may forgo creating strong passwords in favor of simpler passwords that are easier to remember. Or your employees may write down their passwords and store them in their desks.
What the NIST Recommends
Recently, the National Institute of Standards and Technology (NIST) published new guidelines for maintaining sensitive information. These new recommendations include reducing password complexity and the frequency of forced password changes. The guidelines suggest that monthly resets can be excessive and that a proper security strategy can prolong how long a password remains secure.
When to Make the Change
Although it’s not necessary to change your passwords every month, you’ll have to change them eventually. You’ll likely receive a prompt forcing you to change your password every now and then, but outside of that, when is the right time to make a change? You should change your password if any of these situations apply:
- Malware is running on your computer system or mobile device.
- A server intrusion has been disclosed.
- You received a notification of unauthorized access to your account.
- You shared passwords with someone who no longer needs access to the account.
- You logged on to a public or shared computer.
- It’s been more than a year since you last changed your password.
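The list above can be turned into an event-driven check in place of a fixed monthly timer. The following is an added example, not code from the original article; the event names, the Event type and the rule that only events after the last change count are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Event kinds mirror the list above; the names are assumptions for this example.
TRIGGERS = {
    "malware_detected": "malware found on a device used with the account",
    "server_intrusion_disclosed": "the service disclosed a server intrusion",
    "unauthorized_access_notice": "notification of unauthorized access",
    "shared_access_revoked": "password shared with someone who no longer needs access",
    "public_computer_login": "logged on from a public or shared computer",
}
MAX_AGE = timedelta(days=365)  # "more than a year since you last changed"


@dataclass(frozen=True)
class Event:
    kind: str
    when: datetime


def reasons_to_change(last_changed, events, now):
    """Return the reasons a password change is due (empty list if none)."""
    reasons = []
    for ev in sorted(events, key=lambda e: e.when):
        # Assumption: a change made after an event has already answered it,
        # so only events newer than the last change count.
        if ev.kind in TRIGGERS and last_changed < ev.when <= now:
            text = TRIGGERS[ev.kind]
            if text not in reasons:
                reasons.append(text)
    if now - last_changed > MAX_AGE:
        reasons.append("more than a year since the last change")
    return reasons


# Constructed sample data, not taken from any real account.
NOW = datetime(2024, 6, 1)
SAMPLE = [
    Event("public_computer_login", datetime(2024, 1, 10)),
    Event("server_intrusion_disclosed", datetime(2024, 4, 2)),
    Event("successful_login", datetime(2024, 5, 1)),  # not a trigger
]

if __name__ == "__main__":
    for reason in reasons_to_change(datetime(2024, 3, 1), SAMPLE, NOW):
        print("change password:", reason)
```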
How to Approach Making a New Password
When the time finally comes to change your password, here are a few things to keep in mind:
- Keep your passwords in a password manager. (Google Chrome has a built-in manager.)
- Avoid reusing old usernames and passwords.
- Turn on multi-factor authentication whenever available.
Although these may seem like simple steps, they’re effective methods for protecting personal data.
Why Companies Depend on SNC for IT
The safety of your IT infrastructure is not something to take lightly. That’s why companies choose to partner with Strategic Network Consulting. Since 1991, we have provided our clients with efficient, practical, and cost-effective solutions ranging from IT consulting to Hardware as a Service and everything in between. To learn more about what we have to offer, give us a call today!