Personalize Your Password Changing Policy

February 15, 2016 | May 14th, 2021 | Cybersecurity

We have written a few times in the past about password etiquette and how to create an effective password. But there is more to a password than creating a complex entry and moving on. A complex password goes out the window if your account credentials are stolen from a website and the attack goes unnoticed. Luckily, there is still something we can do about this: passwords should be changed regularly.

Something to consider: even if your password is encrypted everywhere you store it, that doesn’t mean it cannot be cracked. In time, all encryption mechanisms can be beaten by a brute-force attack. Granted, most encryption algorithms are complex enough that it could take a VERY long time. But if you never change your passwords, the bad guy has all the time in the world to crack and use your credentials.

Odds are that you already change your password regularly in your work environment, because you’re forced to. Most workplaces enforce a policy that you must change your workstation password every 30, 45, or 60 days. However, most websites do not enforce any policy for resetting your password periodically.

Here are some things you can try.

  • Calendar Reminders. Many people already use calendar events to remind them to complete tasks at certain times. Setting up a recurring event every two months to change your password can be a quick-and-easy way to get going with this important task.
  • Holidays. This one requires a little bit of conditioning. Just like the old adage of changing the batteries in your smoke detectors at Daylight Saving Time, you can change your passwords on holidays. “Oh look, it’s Presidents’ Day, time to change my passwords!” “Easter is here? Better change my passwords!”

Now for the provisos and reminders:

  • Don’t reuse your passwords across sites! No matter how witty a given password may be, only use it once. Reusing a password only makes it easier for the bad guy to get into all of your accounts if they compromise just one.
  • You really don’t have to change ALL of your passwords with the same regularity. Focus most on your critical systems. Those are the systems that, if compromised, would give up the most damaging information about you. Depending on who you are, these may include:
    • Banks
    • Social Media
    • Credit Cards
    • Email (please, please, please do this one!)
  • A password manager is key to keeping all of your passwords straight. A good manager will allow you to categorize your passwords so you know which accounts are of most importance and need extra protection.

We cannot stress enough how sacred the passwords to your email accounts are. If a criminal has access to your email, then they have access to every online account tied to that address as well. They are one “Forgot My Password” away from gaining entry into your accounts. No matter what, change your email password often.

Taking a few minutes out of your day every other month is a simple way to do your part in keeping your own personal information out of the hands of criminals.

Author: Frank Urbanski

Frank worked for 8+ years as a Software and Cyber Security Engineer within the defense industry. At Alpine Cyber Solutions Frank oversees the Security Services line of business. He has his passions set on Incident Response, Automation, and Threat Management.