Welcome to #WeekendWisdom number 64. This week we’re going to talk about why you should stop changing passwords regularly.
Who said that we should stop changing passwords regularly?
No, I’m not crazy. I have long had a problem with forced, frequent password changes. I’ve never believed they are a good thing to do for security.
Back in 2017 the National Institute of Standards and Technology (NIST) changed its guidance on regularly changing passwords. Special Publication 800-63B now says verifiers should not require passwords to be changed arbitrarily (for example, periodically), only when there is evidence of compromise.
What is the problem so?
The problem with regularly changed passwords is that they are usually short, and short passwords are weak. We’re talking about 8, 10 or 12 characters, which can be cracked fairly quickly. Worse, a regularly changed password usually has a number in it that just gets incremented every time it is changed: Password1, Password2, Password3.
So if somebody cracks your password from two years ago, they effectively have your current password as well. They keep the base and just run through the numbers, incrementing until they get in, so the “new” password costs them a few dozen extra guesses at most. That’s why regularly changed passwords are bad.
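To make the attack concrete, here is a small Python script added to this post as an illustration (it is not part of the original and not anything L2 Cyber Security ships). It takes a password recovered from an old breach, swaps out the trailing number the way a rotating user would, and hashes each guess until one matches the victim’s current stored hash. The leaked password, the current password, the passphrase and the use of plain SHA-256 as the site’s password hash are all constructed for the demo; a real site should store a slow, salted hash such as bcrypt or Argon2, but that barely matters when the guess list is this short.

```python
import hashlib
import re


def demo_hash(password):
    """Stand-in for the site's password hash (constructed for the demo).

    Plain SHA-256 is used only so the example runs anywhere; a real verifier
    should use a slow, salted hash (bcrypt, scrypt, Argon2). A slow hash
    hardly helps here: the attack below needs a few dozen guesses.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def rotation_candidates(old_password, max_number=99):
    """Yield guesses derived from a leaked password by replacing its trailing number.

    Models the habit the post describes: Password1 -> Password2 -> Password3.
    'Summer2019!' splits into base 'Summer', number '2019' and tail '!'; the
    number is replaced by 0..max_number, both unpadded and zero-padded to the
    original width. A password with no trailing number simply gets one appended.
    """
    base, digits, tail = re.fullmatch(r"(.*?)(\d+)?(\W*)", old_password).groups()
    width = len(digits) if digits else 1
    seen = set()
    for n in range(max_number + 1):
        for guess in (f"{base}{n}{tail}", f"{base}{n:0{width}d}{tail}"):
            if guess not in seen:
                seen.add(guess)
                yield guess


def crack_with_rotation(old_password, target_hash, hash_fn=demo_hash, max_number=99):
    """Try every rotation candidate against the stored hash.

    Returns (recovered_password, guesses_tried), or (None, guesses_tried)
    when the scheme does not fit, e.g. the user switched to a real passphrase.
    """
    tried = 0
    for guess in rotation_candidates(old_password, max_number):
        tried += 1
        if hash_fn(guess) == target_hash:
            return guess, tried
    return None, tried


if __name__ == "__main__":
    # Constructed scenario: 'Password3' leaked two years ago; the user has since
    # rotated every quarter and is now on 'Password11'.
    stored_hash = demo_hash("Password11")
    found, tried = crack_with_rotation("Password3", stored_hash)
    print(f"recovered {found!r} after {tried} guesses")

    # Same user's bank, where they switched to a passphrase: the trick fails.
    stored_hash = demo_hash("corrugated violin harbour thirty two candles")
    found, tried = crack_with_rotation("Password3", stored_hash)
    print(f"passphrase recovered: {found!r} after {tried} guesses")
```

Run it as a script to see the rotated password fall after a dozen guesses while the passphrase survives the whole candidate list. The same idea is what password-cracking tools express as mangling rules applied to a leaked wordlist, which is why a password from an old breach is never “expired” in any useful sense.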
What should I do instead so?
You should really use a passphrase instead, such as:
That is 40 characters of super strong, not easily broken password.
But better yet, use a password manager and let it generate a unique password for every single site and service, making each one long, random and not easy to break. So please stop changing passwords regularly. Only change your password on an application or site if you believe it has been compromised.
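As an added illustration of what a password manager does for you (example code written for this post, not any manager’s real implementation), the Python below generates per-site passwords and passphrases from the operating system’s cryptographic random source and puts a number on the strength of each choice. The tiny word list is constructed for the demo; a real passphrase generator draws from a list of several thousand words (the EFF large list has 7776), and the site names are placeholders.

```python
import math
import secrets
import string

# Symbol set a typical password manager draws from: the 94 printable ASCII characters.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed, deliberately tiny word list so the demo runs stand-alone.
# A real generator uses thousands of words (EFF large list: 7776).
DEMO_WORDS = ("anchor", "basil", "cobalt", "dune", "ember", "fjord", "glacier", "harbour")


def generate_password(length=24, alphabet=PRINTABLE):
    """Random password of `length` symbols drawn uniformly from `alphabet`.

    secrets.choice reads the OS CSPRNG; random.choice is seeded from the
    clock and must never be used for anything secret.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words=6, wordlist=DEMO_WORDS, sep=" "):
    """Passphrase of `words` randomly chosen words joined by `sep`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def guess_space_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string: log2(alphabet_size ** length).

    Valid only for uniformly random choices. A human-chosen 'Password11' is
    nowhere near 10 * log2(94) bits; its real strength is the size of the
    pattern an attacker has to search.
    """
    return length * math.log2(alphabet_size)


def vault_for(sites, length=24):
    """One freshly generated, unrelated password per site, as a manager stores them."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Placeholder site names; every entry is independent of the others.
    for site, pw in vault_for(["mail.example", "bank.example", "shop.example"]).items():
        print(f"{site:14} {pw}")
    print("passphrase     ", generate_passphrase())
    print(f"24 random printable chars : {guess_space_bits(24, len(PRINTABLE)):.0f} bits")
    print(f"6 words from a 7776 list  : {guess_space_bits(6, 7776):.0f} bits")
    print(f"rotated number 0..99      : {guess_space_bits(1, 100):.1f} bits")
```

The last line is the point of the post in numbers: once an attacker holds an old copy of a rotated password, the “new” one adds only the entropy of the counter, under seven bits, while a generated 24-character password or a six-word passphrase from a real list sits well above what any online or offline guessing campaign can cover.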
So that’s it for this week. Let’s be careful out there, and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.