It’s Change Your Password Day (again): Here is Why You Should Probably Do Nothing

Gandalf_The_Grey

Today is officially “Change Your Password Day”, a special day designed to put cybersecurity top of mind. But before you rush to update your logins, pause for a moment: experts now warn that changing your password simply for the sake of the calendar might actually hurt your security more than it helps.

The idea behind the day is simple: Every year, go through your list of accounts and passwords, and change them. Why? The original logic behind the day dates back to a time when modern threat detection and additional layers of account protections did not exist.

Changing passwords frequently could disrupt brute force attempts, silent breaches, or accidental leaks. While that did make sense in some cases back in the day, it is seen as hurting more than it helps in most cases today. Even back then, it caused all kinds of inconveniences, for instance, when on the next day of work, employees started to make calls to the IT department, because they could not get into their accounts anymore.

In fact, experts suggest that passwords should only be changed in very specific circumstances, such as:
  • Re-use of passwords across multiple sites, as it goes against the “one site, one unique password” recommendation.
  • Weak passwords, as today's computers can break into these in seconds or minutes.
  • Breached passwords, which is self-explanatory.
  • When someone else might have access.
However, it is recommended to act immediately instead of waiting for Password Day to come along.

This day, at best, is a reminder for users to look at their passwords and start changing the weak, leaked, or re-used ones immediately. While at it, it is recommended to set up another layer of protection, for instance two-factor authentication, for important accounts.

Here is why most security experts advise against frequent password changes: In many cases users pick easy-to-remember passwords, especially in organizations. The reason is simple: lack of a password manager requires that users remember the passwords. With frequent changes, this becomes a nuisance. Employees started to iterate passwords to help their memory, while others wrote them down to avoid having to contact the IT department to get the password reset every so often.
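As an added example (not from the article or from anyone in this thread), a short Python script that applies the article's four triggers, reuse, weakness, breach and possible compromise, to a constructed set of accounts and an offline stand-in for a breach corpus, reporting only the passwords that should change now. The site names, passwords, word list and breach hashes are all made up for the example.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault and an offline stand-in for a breach corpus (SHA-1 hashes).
ACCOUNTS = {
    "mail.example":  "correct horse battery staple",
    "bank.example":  "Rumpelstiltskin1!",
    "forum.example": "Rumpelstiltskin1!",   # same password on two sites
    "shop.example":  "summer2024",          # short, dictionary word plus year
    "work.example":  "Tr0ub4dor&3!!",       # listed in the constructed breach set
}
COMPROMISED_ACCOUNTS = {"work.example"}  # e.g. a known intrusion or a shared device
COMMON_WORDS = {"summer", "winter", "password", "welcome", "admin"}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest().upper()

BREACHED_HASHES = {sha1_hex(p) for p in ("Tr0ub4dor&3!!", "password", "123456")}

def is_weak(password: str) -> bool:
    """Cheap heuristic: too short, or a common word padded with digits/symbols."""
    if len(password) < 12:
        return True
    return password.rstrip("0123456789!@#$%").lower() in COMMON_WORDS

def triage(accounts, breached_hashes, compromised):
    """Return {site: [reasons]} for passwords that should change now;
    sites with no reason are left out, since rotating them is needless work."""
    by_password = defaultdict(list)
    for site, pw in accounts.items():
        by_password[pw].append(site)
    findings = {}
    for site, pw in accounts.items():
        reasons = []
        others = [s for s in by_password[pw] if s != site]
        if others:
            reasons.append("reused on " + ", ".join(others))
        if is_weak(pw):
            reasons.append("weak")
        if sha1_hex(pw) in breached_hashes:
            reasons.append("in breach corpus")
        if site in compromised:
            reasons.append("someone else may have access")
        if reasons:
            findings[site] = reasons
    return findings

if __name__ == "__main__":
    for site, reasons in triage(ACCOUNTS, BREACHED_HASHES, COMPROMISED_ACCOUNTS).items():
        print(f"{site}: change now ({'; '.join(reasons)})")
```

The passphrase on mail.example never appears in the report: it is unique, long and unbreached, so the script leaves it alone rather than rotating it on a calendar.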
Obviously Kaspersky took this on board, as yesterday, when I wanted to sign in with the limited time I had, I had to change my password because 150? days had gone by. This took half an hour and made me say a couple of bad words, as it seems their system doesn't pick up on a changed password as fast as I did. It was done in the end, and now I can tell K not to do this every 150 days or so. I totally agree with strong passwords, but unless there is a risk of it being compromised it might be better to leave things as they are.

Rumpelstiltskin1! is the one I use for everything, and I'm sure no one will guess that.

Some people who are related to me have all their passwords in a diary or notebook in their handbags, which disturbs my mind greatly, as they are carried around with them or left in the boot / glovebox of the car or at work. These persons cannot be named, though!