How Often Do You Really Need to Change Your Passwords?

We all know the frustration and sheer annoyance that can happen when we get a notification that an account password must be changed for security reasons. Sometimes, it can just feel like one more annoying task to complete throughout the day and an additional password that must be remembered in your long list of them. However, there is some merit to changing your passwords regularly, and keeping your information and accounts secure is definitely a priority in a world filled with online predators who are dying to hack your information. Continue reading to find out how often passwords should actually be changed to finally put the topic to rest.

Why You Should Change Passwords Regularly
There are several reasons that passwords should be regularly altered. First, it helps protect your accounts from hackers. Even if they do somehow gain access to your personal profiles, they are then limited to their length of access once the password is changed. It also helps you to diversify your access codes and keep them unique and hard to crack.

Why You Shouldn’t Change Passwords Too Often
While changing your passwords every 30 to 42 days has been regarded as a “best practice” for quite some time now, experts are beginning to change their tune. Microsoft did a study several years ago that revealed that mandatory password changes actually cost companies billions of dollars in lost productivity while yielding minimal security payoff.

The reason that changing passwords doesn’t offer as much protection as it used to is that hackers have more advanced hardware and software, and because of the nature of humans. When we change our passwords by force, we typically choose those that are similar to what we already have — similar letters, numbers, themes, and patterns. That means that it’s pretty much just as easy for a predator to penetrate your accounts as it was pre-password change, so there’s not much of a point to this practice.

Very frequent password changes also result in people making silly mistakes, such as leaving a sticky note on their desk with the password written down on it. So, in some cases, frequent password changes could cause more risk than just leaving them as they were.

The Bottom Line
The moral of this story is that you don’t need to stick to strict schedules such as changing your password every 30 to 60 days. However, experts do recommend doing so on accounts or profiles that don’t have two-factor authentication and for venues of communication, such as email. At the least, you should change the passwords for your important accounts once to twice a year.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.