Tired of having to change your passwords every few months?
The latest research on passwords is out and it flies in the face of conventional cybersecurity practices. Contrary to long-standing advice, experts now suggest that frequently changing your passwords might not be the best strategy for maintaining security. Instead, using longer, memorable phrases with spaces, such as “It’s a Hard Days Night!”, is emerging as a more effective approach.
For years, the conventional wisdom was to change passwords regularly to stay ahead of potential breaches. However, the U.S. National Institute of Standards and Technology (NIST) has found that this practice can actually undermine security. Frequent changes often lead to simpler, more predictable passwords as users struggle to remember new ones [1][2]. This can make accounts more vulnerable to attacks.
Longer passwords, especially those that are easy to remember, are now recommended. Phrases like “Merry had a little lamb!” are not only easier to recall but also significantly harder for attackers to crack due to their length and complexity [3]. This approach leverages the natural language processing capabilities of modern password-cracking tools, making it more challenging for them to succeed.
Additional Strategies for Managing Passwords
- Use a Password Manager: Password managers can generate and store complex passwords for all your accounts, ensuring each one is unique and secure. This reduces the risk of using the same password across multiple sites [4].
- Enable Two-Factor Authentication (2FA): Adding an extra layer of security, such as a text message code or an authentication app, can significantly enhance your account protection [4].
- Avoid Common Passwords: Research shows that many people still use easily guessable passwords like “123456” or “password” [5]. Avoid these at all costs and opt for more complex combinations.
- Regularly Update Security Settings: Ensure your devices and applications are always up to date with the latest security patches. This helps protect against vulnerabilities that could be exploited by attackers [6].
- Educate Yourself on Phishing Scams: Be aware of phishing tactics that trick you into revealing your passwords. Always verify the source before clicking on links or providing sensitive information.
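One way a sign-up or password-change form could enforce the approach described above: length instead of character-class rules, spaces allowed, a common-password blocklist, and no scheduled expiry. This is an added example, not code from the article or its sources; the function names, the length bounds and the small blocklist are assumptions chosen for illustration.

```python
import unicodedata

# Assumptions for this example (not from the article): the length bounds and
# the tiny constructed blocklist. A real deployment would load a large list of
# breached and common passwords instead of COMMON_PASSWORDS.
MIN_LENGTH = 8
MAX_LENGTH = 64
COMMON_PASSWORDS = {"123456", "12345678", "password", "qwerty", "letmein"}


def normalize(secret: str) -> str:
    """Unicode-normalize so visually identical input compares equal."""
    return unicodedata.normalize("NFKC", secret)


def blocklist_key(secret: str) -> str:
    """Fold case and drop spaces/punctuation so 'Pass Word' matches 'password'."""
    return "".join(ch for ch in secret.casefold() if ch.isalnum())


def check_new_password(secret: str, username: str = "") -> list[str]:
    """Return the reasons to reject; an empty list means the secret is accepted.

    Deliberately absent: required digits/symbols/uppercase, a ban on spaces,
    and any expiry date that would force a change on a calendar schedule.
    """
    secret = normalize(secret)
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(secret) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    key = blocklist_key(secret)
    if key in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if username and key == blocklist_key(username):
        problems.append("same as the username")
    if key and len(set(key)) == 1:
        problems.append("single repeated character")
    return problems


if __name__ == "__main__":
    for candidate in ["Merry had a little lamb!", "123456", "Pass Word"]:
        print(repr(candidate), check_new_password(candidate) or "accepted")
```
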
By adopting these strategies, you can significantly enhance your online security. Remember, the goal is to make it as difficult as possible for attackers to gain access to your accounts. Embrace the simplicity and strength of passphrases and leverage modern tools and practices to keep your digital life secure.
1: Brobible
2: New Scientist
3: American Banker
4: Security.org
5: CNBC
6: IET
Kim Krushell
Co-Founder & EVP Information Securities