Over the years, I have heard the advice to change my password every few months. But is it necessary these days? I have found that traditional password knowledge is old – and can even make your accounts less safe.
Old school approach is no longer understood
We all heard it earlier – raise our passwords every month or twice to keep our accounts safe. This advice has been drilled into our heads by IT departments, security blogs and even decades of decades. I followed it and updated all the important passwords on a rotating schedule.
But the thing here is: This approach is fundamentally flawed. When people are forced to change the password repeatedly, they produce variations of their old passwords or use simple people that are easy to remember. I have caught myself doing so – got the support of “1” till the end, then “2”, next time my password was made technically different, but not really more secure.
Security experts now believe that frequent compulsory password changes often give rise to weak security practices, not strong. National Institute of Standards and Technology (NIST) In fact, it reversed its recommendation on periodic password changes, but somehow it has not reached everyone yet.
If you are already not using a password manager, it is time to go on the board. Password managers have many practical uses and store all your credentials safely, so you do not need to rely on memory or pattern that can exploit hackers.
I used to trust Google Password Manager, but privacy worries inspired me to seek an option Proton passWhich has become my new favorite password manager due to open-source transparency.
Connected
Nordpass vs. Dashlen vs. Proton Pass: What is the best password manager?
These are the best options when it comes to password managers.
Why should you not change a regular safe password
The problem with changing a regular safe password is that it resolves the wrong issue. If your password is really strong and unique – think of a long, random string of characters that you have never used anywhere else – it does not really improve your safety, if at all.
When we constantly change the password, we introduce human error in the safety equation. In the past, I was locked more often than my accounts, as I accept after changing a new password and forget it immediately. This disappointment motivates many people to choose the facility on security.
When organizations require frequent password changes, employees select the passwords that follow the approximate pattern. These patterns are famous for hackers, causing them to be less safe than using a strong password for long periods.
Password managers have built-in password generators that allow you to create unique, strong passwords. But if you do not use one, consider using a web-based password tool to create a strong passfrass instead.
Change your password only in these specific scenarios
Instead of changing my password on some arbitrary schedule, I now focus on specific triggers that warrant a password update. This approach is not only more practical, but is more effective for protecting my accounts.
The most obvious time to change your password after data breech. If the service you use announces that it has been compromised, do not wait for that password immediately. You can use a password monitor in your password manager to see any compromised credentials.
Connected
If you are influenced by data breech, it is mentioned here how you protect your credit rating
Protecting your identity and credit rating is important after a violation of your data.
When you have shared your password with someone else, it is also a time of change. Whether it is with family members for Netflix access or a colleague for a shared account, once that access is not required, update your password.
If you are using unsafe public Wi-Fi without a VPN (ie, it did not require a password to reach the Internet), then changing the password for any account you accessed during that session is a good idea. Public networks can be huntinggrounds for hackers, so I make it a habit of updating sensitive passwords after traveling in hotels or cafes and using Wi-Fi.
Doubt that your device has malware? This is the cause of a password refresh. Before making any changes, however, run a completely malware scan and clean your system; Otherwise, your new password may be compromised immediately.
If you are still using the same password on many sites (please stop!), Then convert them into unique passwords as soon as possible. One of these should be a good password manager, which makes this process very easy, so that you can generate and store unique, complex passwords for every service.
Instead of changing your password, do it instead
Instead of changing your password every few months, there are more effective strategies to keep your accounts safe. These approaches give you peace of mind without the constant trouble of remembering new credibility.
Use a password manager – in particular, it changed everything for me. You think you can monitor everything yourself, but it is not easy. The password manager produces complex, unique passwords for every site, and I only need to remember a master password. Most password managers use AES-256 encryption, and this is really liberation. But you should find a person in which the data has never been breeted because the popular lastpass has been hacked several times.
Enable two-factor authentication (2fa) wherever possible. This additional safety layer means that even if someone gets your password in some way, they cannot access your account without another factor (usually your phone or 2FA authenticator apps). I have set it to all my financial accounts, emails and social media, and it can catch all suspected login efforts.
Connected
Why don’t I use SMS for 2fa (and what I use instead)
SMS2 FA is easy, but it is not the safest way to protect your accounts – thanks, an easy option.
Use biometric authentication when available as a fingerprint is very difficult to steal than passwords. It is not right, biometrics add a convenient security layer in which you do not need to remember anything. It is necessary for both banking apps and password manager.
Another thing to practice is to keep your equipment and software updated, as many violations are through known weaknesses that have already been patches. Do not delay updates for weeks, as the security patch you are closing can prevent a security problem that a simple change would have made more secure against your password.
Be cautious about fishing efforts. No password system can protect you if you voluntarily give your credentials to the attackers. I have explained fake emails from the attackers pretending to be “banks” and “delivery companies” that can fool anyone. Now I never click the link in email for sensitive accounts – I manually navigate on the site instead.
Connected
Use these 5 rules to block the fishing email from your inbox
Fishing email your inbox flood? Fight back with these simple rules.
Where start using the available passak. This certification method is starting to completely replace the traditional password. You can use them with many major services. There are safety differences between the password and the passki, but both the passes are more secure and more convenient than the password. Technology is still rolling out, but this may be the future of certification.
Remember, the goal is not constantly changing the password, it is creating a safety system that is flexible against the real dangers, while practically enough that you will be with it. This is a real password strategy that works.
