
How Often Should You Really Update Your Password?

If you follow these simple steps, you will keep your accounts safe.

Some people advise that you update your passwords every 30 days. The intention is to make accounts more secure, but the actual result? Account security is worse than ever. People now have so many passwords to remember that they jot them down on scraps of paper, or simply make them as memorable as they can.

That is why the National Institute of Standards and Technology (NIST) recently updated its Digital Identity Guidelines, which no longer suggest frequent password updates.

So, the question becomes…


The advice is to not fret about changing your password too often, but you should still change your password every now and then. However, rather than focusing on a set frequency, it could be better to change your credentials when there’s a good reason to – which could be any of the following:

  • You hear of a reported hack or security issue on a service you use
  • You receive a notification of unauthorized access on your account
  • You find evidence of a virus (or other malware) on your device
  • You shared a password with someone, but they no longer need access to the account
  • You used a public computer (in a library, at school) to look at sensitive information
  • You haven’t updated a password for more than 12 months, and you don’t use multi-factor authentication

For any of the above, updating your password is a reasonable protective measure. It stops any unwanted eyes from prying on your account in case your old password became compromised.

When it comes to the question of password management – just be smart with your updates to avoid the frustration of forgetting your login details and having to start the process over. We suggest the following 7 steps to keep your password management simple.


Never forget another password. Use the following 7 steps to keep your accounts secure and your passwords under lock-and-key.

  • Use a password manager

If you do nothing else, do this. When you have lots of accounts, it’s nearly impossible to keep track of every password – or when you last updated one. A password manager collects all your passwords in one secure place, storing the information in an organized, encrypted way for ultimate peace of mind.

  • Run a password audit

Once you’ve collected your passwords together, it’s time to check how secure they really are. Tools such as the LastPass Security Challenge help you review how many passwords you store as well as suggesting which ones need an update.

  • Update weak, repeated or compromised passwords

Some passwords are notoriously weak (they may use letters only, or are too short). The aforementioned LastPass tool will flag such cases and recommend an update. Similarly, passwords used in more than one account can be a security risk. Hacked accounts, meanwhile, give you no choice but to update your password.

  • Use more complex passwords on sensitive accounts

Certain accounts hold confidential information (think bank and investment accounts, email, or other personal records). In these cases, it pays to use a more complex password, which you can keep track of by storing it in your password manager.

Interestingly, login details for Amazon, Netflix, and other streaming accounts are often sold on the black market, so you may want to choose something more complicated there as well.

  • Consider password auto-updates

Some password managers offer an auto-update feature. This takes care of password management on 100 of the most popular websites, so you don’t even have to think about your security – let alone coming up with another memorable password!

  • Always use multi-factor authentication (MFA)

We started the article with this advice, and we’ll close with it as well. MFA is one of the most surefire ways to prevent a hack, or at least slow the route to a possible compromise. It stops someone from gaining access, even if they have your password.

  • Change your password once per year

The answer you’ve been waiting for: provided you follow the other recommendations, you can feel safe updating your password once every 365 days. Set a date in your calendar (and be sure to stick to it), only updating other passwords when you know there’s been a compromise.
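The audit, update and once-a-year steps above can be sketched as a short script run over a password manager export. This is an added example, not code from the original article or from any password manager: the CSV column names, the sample entries and the 12-character minimum are assumptions (the article only says "too short"), while the letters-only, reuse and 12-months-without-MFA checks come from the lists above.

```python
import csv
import io
from collections import defaultdict
from datetime import date

MIN_LENGTH = 12     # assumption: the article says "too short" without a number
MAX_AGE_DAYS = 365  # the article's once-a-year rule

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """site,password,last_changed,mfa
bank.example,correct-Horse-42-battery,2024-01-10,yes
mail.example,sunshine,2021-03-02,no
shop.example,Tr0ub4dor&3xyz,2022-06-15,no
video.example,sunshine,2024-02-01,yes
"""

def audit(export_text, today):
    """Return {site: [reasons]} for every entry that needs a new password."""
    rows = list(csv.DictReader(io.StringIO(export_text)))

    # Group sites by password so reuse across accounts can be detected.
    sites_by_password = defaultdict(list)
    for row in rows:
        sites_by_password[row["password"]].append(row["site"])

    findings = {}
    for row in rows:
        pw = row["password"]
        reasons = []
        if len(pw) < MIN_LENGTH:
            reasons.append("too short")
        if pw.isalpha():
            reasons.append("letters only")
        if len(sites_by_password[pw]) > 1:
            reasons.append("reused")
        # Age only counts against an account that has no MFA.
        age_days = (today - date.fromisoformat(row["last_changed"])).days
        if age_days > MAX_AGE_DAYS and row["mfa"] != "yes":
            reasons.append("older than 12 months without MFA")
        if reasons:
            findings[row["site"]] = reasons
    return findings

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{site}: {', '.join(reasons)}")
```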

While it’s enough to update your password once a year, it’s best to start with strong passwords that you store in a password manager, then work from there. Once you’re set up, rest easy knowing you’ve done all you can to keep your accounts secure, and feel free to give us a call if you need help.
