How Often Should You Change Your Password?

by Arto Baltayan

Security experts say passwords should be changed at least once every three to six months, sometimes even sooner. These days, everyone seems to have a huge collection of passwords to contend with. Passwords for work and online banking are just the start. Many people have several email accounts to manage. Twitter, Facebook and other social media sites must also be kept secure. All things considered, password management can turn into a big mess. However, not all passwords are created equal.

When You Should Change Your Password

The three-to-six-month password guideline may be fine for low- to medium-security sites, but you may want to change your password more often for high-security sites. As a general rule, the more secure a site should be, the more frequently the password should be changed. For example, a social media site may be fine using the three-to-six-month guideline, but you may want to change the password for your bank account once every month or so. Any site you log on to from a public computer should be subject to frequent password changes as well.

Does it Really Help?

A new school of thought, backed by university studies and outspoken security experts, is gaining in popularity. This group argues that an increased frequency of password changes does not augment the security of a user account. As a matter of fact, they believe that in some cases it can actually have a detrimental impact. If users change their passwords frequently, they are more prone to pick weak passwords that are easily cracked. Also, having to remember the constantly changing word or phrase prompts many of them to write it down, thus increasing the chances that others may see it as well.

Password Best Practices

Whatever the general consensus may be, changing your passwords frequently is a good idea if done correctly. Avoid choosing weak passwords like your name, your phone number or your child's date of birth. Strong passwords contain a minimum of eight characters, a mixture of uppercase and lowercase characters and at least two numbers or special characters. Never use one password for all your sites, and if one of your user accounts has been compromised, change the password immediately. Also, some sites have alert mechanisms that email or text you when someone is trying to change your password to hijack your account. Activate these alerts when possible.

Password Management Software

For those of you who find password management a real chore, consider using a password manager. These are software applications that automatically fill in browser logon forms, warn you when your password is stale and needs to be changed, and generate secure passwords for you when needed. The best thing about password managers is that you only have to remember one password: the master password to access the manager itself.

About the Author

Arto Baltayan has been a technical writer since 2008. He specializes in documentation for software, cloud, enterprise systems and computer security. He is a software engineer with 10 years' experience with C++ and Java, and is also certified by Oracle Corporation as a DBA and middleware admin.
