Katrina Matthews from Rack Solutions
Frequent mandatory password changes are common in today’s tech-centered world, but the practical costs to companies are estimated at billions of dollars, according to a Microsoft study. People have a difficult time remembering them, and valuable time is spent recovering a password instead of working.
The study’s researchers found that frequent password changes force users to select an easily remembered password, which actually may reduce security and increase opportunities for information and financial breaches, which are the very activities the password updates are intended to protect.
Hacking Methods
A hacker will often use a password generator program that quickly creates variations on words and enters them as passwords. It can take six months or longer for a computer to find the correct password, which is the reason that changing it two or three times a year is recommended for private users. Most companies require employees to change a network password every three or four months.
Other methods for password breach are by other people who can find a password written on a note on a desk or eavesdropped upon by a co-worker.
Avoid Breaches
An effective and common method for avoiding security breaches is choosing a password that is more complex. An obscure word followed by numbers and special characters is more difficult for a computer to find and a person to remember, and appears to be the best available password security measure.
Social Media
The frequency of password changes for social media accounts can be higher because if someone you know accesses your account, it would be possible to eavesdrop for months and not be discovered. Changing a social media account password at least every three months is recommended.
Some social media networking sites track activity, which would allow someone to find out if someone else were accessing the account, however, after initially logging in, a hacker will usually create a back door entry method, which would circumvent the activity tracking recorder.
Summary
- Remember to always choose a password that an average person would not guess because the word is unusual or has a special meaning and is followed by numbers and characters to make the result truly unique.
- It can be important to change a password at least every six months, but if a security breach is suspected or occurs, always change the password directly after any suspicious activity.
- Changing a social media password more frequently, approximately every three months or less, is important, because a hacker may eavesdrop on activity for months before being discovered.
- Never write down a password and place it near a computer or portable digital device.
- Always ensure that passwords are saved in a secure place, such as a mobile application with a strong security setting.
- If changing a password at an office or other official location is necessary, do not share the password with anyone, and use the standards to select one that would be difficult to guess.
Sources:
http://lifehacker.com/5966214/how-often-should-i-change-my-passwords
http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf
http://www.nbcnews.com/tech/security/how-often-should-you-change-your-passwords-f1C7511554
About the Author
+Katrina Matthews is a product specialist for RackSolutions, designer and manufacturer of custom racking products for the IT industry! She likes giving IT tips and advice on our blog.
Photo credit: Robbert van der Steeg
Dreaming of Secure Password Storage: Hackers, data breaches compromise over 650 million records
Workers need password keepers to contain sea of passwords
