Frequent Password Changes May Compromise Security

By now, it's a familiar story. Conventional wisdom, and even what we teach, holds that you want to use a different password on every site or service you log into and that you want to change your passwords regularly, in order to maximize security. What if conventional wisdom isn't true though? There's a growing body of evidence that it isn't. (Wait for it...)

Sometimes there can be too much of a good thing. True, you definitely want to break the habit of using the same password across multiple accounts, but where changing your password is concerned, changing it too often can actually work against you.

A growing number of surveys indicate that there's a direct link between password strength and how often the password must be changed. There's a lot to this, but in summary, it looks like this:

If you’re requiring your employees to change their passwords on multiple systems every 30 or 60 days, those employees aren’t going to invest a lot of time and effort into coming up with truly secure passwords. The reason? It’s annoying, and they feel as though every time they turn around, they’re having to come up with one (or more) new passwords.

The frequency leads to frustration, and the frustration leads to lax passwords that are easily guessed or brute-forced. A change interval longer than the 60-day mark seems to benefit overall digital security, and a shorter one has a negative impact.

With this information in mind, now is an excellent time to review all the password-protected systems you have in place at your office, and come to an understanding of how frequently the users of those systems are having to change their passwords. Simply adjusting the reset frequency could give you a net gain in overall security, with no additional investment required. In reality, the best solution to this is often a good password manager tool. This eliminates the issue of forgetting passwords, allows you to use more complex passwords and, with proper training, could allow you to have the best of both worlds: security and regular changes.
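
One way to carry out the review suggested above on Linux hosts, as an added example that is not part of the original article: it reads shadow-format records (the fifth field is the maximum password age in days) and groups accounts by whether the forced change interval is over the 60-day mark. The account names and records are constructed sample data, and treating exactly 60 days as not over the mark is an assumption.

```python
THRESHOLD_DAYS = 60   # the article's mark; adjust to your own policy
NO_EXPIRY = 99999     # conventional "never expires" value on Linux

# Constructed sample records in shadow format (not real accounts or hashes):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$constructed$hash:19700:0:30:7:::
bob:$6$constructed$hash:19700:0:60:7:::
carol:$6$constructed$hash:19700:0:180:14:::
dave:$6$constructed$hash:19700:0:99999:7:::
erin:$6$constructed$hash:19700:0::7:::
svc_backup:!:19700:0:45:7:::
# comment line
broken:line
"""

def classify(line, threshold=THRESHOLD_DAYS):
    """Return (user, category) for one shadow record, or None if it is not one."""
    fields = line.strip().split(":")
    if line.lstrip().startswith("#") or len(fields) < 5 or not fields[0]:
        return None
    user, pw_hash, max_days = fields[0], fields[1], fields[4]
    if pw_hash.startswith(("!", "*")):
        return user, "locked"          # no password login, so rotation is moot
    if max_days == "":
        return user, "never_expires"   # empty field means no maximum age
    if not max_days.isdecimal():
        return None                    # malformed max-age field
    days = int(max_days)
    if days >= NO_EXPIRY:
        return user, "never_expires"
    # Assumption: only intervals strictly over the mark count as infrequent.
    return user, ("frequent" if days <= threshold else "over_threshold")

def audit(shadow_text, threshold=THRESHOLD_DAYS):
    """Group account names by rotation category; unparseable lines are skipped."""
    report = {}
    for line in shadow_text.splitlines():
        result = classify(line, threshold)
        if result:
            user, category = result
            report.setdefault(category, []).append(user)
    return report

if __name__ == "__main__":
    for category, users in sorted(audit(SAMPLE_SHADOW).items()):
        print(f"{category}: {', '.join(users)}")
```

Accounts listed under "frequent" are the ones whose reset interval the review above would revisit; "never_expires" and "locked" are reported separately so they are not mistaken for either side of the mark.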

Used with permission from Article Aggregator