Changing passwords on a regular basis wastes time, and if it is not done well, it worsens security. In case you don't know, a strong password must contain the following elements:
- Capital letters.
- Symbols such as @, &, or $.
- The recommended length would be a minimum of 12 characters.
At RedesZone we have a complete tutorial with recommendations for creating strong passwords, including tips and an explanation of why it is necessary to mix different characters in a password.
Positive aspects of changing passwords periodically
Changing passwords periodically is a good idea because it makes it difficult for someone to obtain our password by a brute-force or dictionary attack: before the password can be cracked, we will have already changed it, and the attacker will not be able to do anything to log in with our credentials.
A periodic password change means that if someone steals the password for our email or any other service, they could never log into our account and access our data, because during the time it takes to crack the password, we will already have changed it. The same applies to social media accounts and bank accounts.
We must bear in mind that the shorter the time between password changes, the lower the probability that a cybercriminal will crack the password, since they will have less time to discover it and use it for their own benefit.
Drawbacks of changing passwords regularly
Password changes are something that we should take seriously; however, changing passwords is still a considerable additional effort for people. The problem is that people have limited time and memory, which means that changing passwords periodically demands a significant amount of both, especially memory: we have to remember the latest password.
In an ideal world, where we had a perfect memory and the time to design our passwords, there would be no problems. One of the biggest security issues is human error, and if you change your password often, you'll be more likely to use weak passwords to make them easier to remember. Therefore, if we are forced to change it periodically, it will be more difficult to create good passwords and remember them. For this reason, it is not surprising that users who are forced to change them end up adding a number to their password, such as "password1" and then "password2".
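A password-change check that catches this pattern, as an added example that is not part of the original article. The function names, the symbols beyond @, & and $, and the two-edit similarity threshold are assumptions; the old password is assumed to be available because the user supplies it to authorize the change.

```python
import re

MIN_LENGTH = 12                   # minimum length recommended in the article
SYMBOLS = set("@&$!#%*?-_+=.")    # assumption: the article only names @, & and $

def strength_problems(password):
    """Return the article's strength criteria that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    return problems

def _core(password):
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_rotation(old, new, max_edits=2):
    """True when new is old with only a counter, case or a few characters changed."""
    if _core(old) and _core(old) == _core(new):
        return True   # same base word, e.g. "password1" -> "password2"
    return edit_distance(old.lower(), new.lower()) <= max_edits

def check_password_change(old, new):
    """Return the reasons to reject the change; an empty list means accepted."""
    reasons = strength_problems(new)
    if is_trivial_rotation(old, new):
        reasons.append("too similar to the previous password")
    return reasons

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    print(check_password_change("password1", "password2"))
    print(check_password_change("Summer-Holiday@2023", "Velvet&Lantern$Orbit"))
```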
Another issue to keep in mind is that making so many changes compounds the problem, because we already have to handle many passwords. To alleviate this, we recommend using a password manager like KeePass, Passwarden or any other.
The problem with changing passwords periodically is that we will end up using weaker ones, and we will probably reuse the same password in different accounts, which makes us even more vulnerable across those services. In this regard, it is much more important to use strong and unique passwords everywhere than to change the password regularly.
This is how cybercriminals act when they obtain a password
Changing passwords periodically improves security if it is done right, but if it is done wrong, it can make security worse.
Another important issue is what happens when our password falls into the wrong hands. In that case, cybercriminals try to take advantage of it as soon as possible. For example, if they obtain your email password in a phishing attack, they will try to make the most of it and will try to reset the passwords of other accounts with it. Thus, for example, they could gain access to your Facebook account to send spam or scam your acquaintances.
In summary, even if you changed your password the day before, that measure is of little use if you fall victim to a phishing attack in which you enter your current password. Therefore, for certain types of attacks the change is not so beneficial.
When should we change passwords?
If we have had to share, out of necessity, the password of an account of any kind, such as Netflix or Amazon Prime, the change may be beneficial: it is advisable to change it immediately or when the agreed time for using a streaming account expires. In this way we prevent others from spying on our data or using our services without permission.
It should also be noted that password changes can be positive in some jobs. Even so, IT administrators should not force workers to change passwords unless there is a good reason. When changes are required, it is best to use a password manager to avoid ending up with an increasingly weak password. Therefore, do not forget that regular and indiscriminate password changes can be a problem in the long run.
As we have seen, periodically changing passwords is not always good advice. In addition, if our password is stolen and we have activated two-factor authentication on Google, Facebook, etc., the attacker will not be able to access our account. Therefore, for accounts that support this two-step verification, it can be very beneficial for our security to have it activated.