If you follow these simple steps, you’ll keep your accounts safe.
Some people advise that you update your passwords every 30 days. The intention is to make accounts more secure, but the actual result? Account security is worse than ever. People now have so many passwords to remember that they jot them down on scraps of paper, or simply make them as memorable as they can.
Which is why the National Institute of Standards and Technology recently updated its Digital Identity Guidelines and it no longer suggests frequent password updates.
So, the question becomes…
Should you update your password at all?
The advice is to not fret about changing your password too often, but you should still change your password every now and then. However, rather than focusing on a set frequency, it could be better to change your credentials when there’s a good reason to - which could be any of the following:
- You hear of a reported hack or security issue on a service you use
- You receive a notification of ‘unauthorized access on your account’
- You find evidence of a virus (or other malware) on your device
- You shared a password with someone, but they no longer need access to the account
- You used a public computer (in a library, at school) to look at sensitive information
- You haven’t updated a password for more than 12-months, and you don’t use multi-factor authentication
For any of the above, updating your password is a reasonable protective measure. It stops any unwanted eyes from prying on your account in case your old password became compromised.
When it comes to the question of password management - just be smart with your updates to avoid the frustration of forgetting your login details and having to start the process over. We suggest the following 7 steps to keep your password management simple.
7 steps to simple password management
Never forget another password. Use the following 7 steps to keep your accounts secure and your passwords under lock-and-key.
- Use a password manager
If you do nothing else, do this. When you have lots of accounts, it’s nearly impossible to keep track of every password - or when you last updated one. A password manager collects all your passwords in one secure place, storing the information in an organized, encrypted way for ultimate peace of mind.
- Run a password audit
Once you’ve collected your passwords together, it’s time to check how secure they really are. Tools such as the LastPass Security Challenge help you review how many passwords you store as well as suggesting which ones need an update.
- Update weak, repeated or compromised passwords
Some passwords are notoriously weak (they may use letters only, or are too short). The aforementioned LastPass tool will flag such cases and recommend an update. Similarly, passwords used in more than one account can be a security risk. While hacked accounts give you no choice but to update your password.
- Use more complex passwords on sensitive accounts
Certain accounts hold confidential information (think bank and investment accounts, email, or other personal records). In these cases, it pays to use a more complex password that you can remember by storing in your password manager.
Interestingly, log in details for Amazon, Netflix, and other streaming accounts are often sold on the black market. So you may want to choose something more complicated there as well.
- Consider password auto-updates
Some password managers offer an auto-update feature. This takes care of password management on 100 of the most popular websites, so you don’t even have to think about your security - let alone coming up with another memorable password!
- Always use multi-factor authentication (MFA)
We started the article with this advice, we’ll close with it as well. MFA is one of the most surefire ways to prevent a hack, or at least slow the route to a possible compromise. It stops someone from gaining access, even if they have your password.
- Change your password once per year
The answer you've been waiting for: provided you follow the other recommendations, you can feel safe updating your password once every 365 days. Set a date in your calendar (and be sure to stick to it), only updating other passwords when you know there’s been a compromise.
While it’s enough to update your password once a year, it’s best to start with strong passwords that you store in a password manager, then work from there. Once you’re set up, rest easy knowing you’ve done all you can to keep your accounts secure-- and feel free to give us a call if you need help.