Password 
When it comes to password managers, there are a few common misconceptions, such as them being too risky to trust, vendors being unable to handle outages,
4 min read
Published on December 21, 2020
Updated on October 24, 2024.
Unless your passwords have been compromised or you’re currently using weak passwords, you should not be changing your passwords often. According to the National Institute of Standards and Technology (NIST), changing your passwords every 30, 60 or 90 days is discouraged because it can lead to using weaker passwords, making accounts more vulnerable to becoming compromised.
Continue reading to learn why you avoid changing your passwords often and what scenarios would require you to change your passwords right away.
Why you should avoid changing your passwords often
In the past, it was recommended that you change your passwords every 30, 60 or 90 days, however, this is no longer recommended. This is because changing your passwords often can lead to more harm than good. Frequent password changes result in people using weaker passwords or reusing the same password with only slight variations. Changing passwords often also leads to people forgetting their passwords, leading to people having to reset them.
When should you change your passwords?
Let’s take a look at some typical situations where a password change is necessary.
After a data breach
When a company you have an account with announces they’ve experienced a data breach, you need to change your password as soon as possible to protect your information. If your information has been compromised, you’ll typically be alerted by the company. However, most companies can take days, weeks or even months to alert their customers that they’ve had a breach. Luckily, there are free dark web scans you can use to check if your passwords have been leaked in a data breach.
If you suspect unauthorized access
Don’t wait until there’s glaring evidence of unauthorized access to your accounts. By that time, it’s usually too late. If you suspect someone is attempting or has attempted to access one or more of your accounts, change your passwords immediately. It’s always better to take precautionary measures than to wait until the damage is done.
If you discover malware on your devices
Malware and viruses can place your computer at risk and leave your personal information exposed. If you discover such software on your computer after scanning it using antivirus, change your passwords immediately – preferably from a different device – until you’re certain the virus has been removed.
If you share access to your accounts
Lots of people share access to accounts like Netflix and other subscription-based services. If you share access with someone you’re no longer in contact with, change your password as soon as possible. Remember, it’s best to not trust anyone outside of your circle of trusted people with your login credentials.
Password security best practices to keep your accounts safe
Here are password security best practices you should be implementing to keep your online accounts protected against unauthorized access.
Use a password manager
Password managers aid in creating, securely storing and managing your passwords and passkeys. Rather than having to create and remember multiple passwords on your own, password managers enable you to create strong passwords with their built-in password generator. Additionally, because password managers securely store your passwords and autofill them for you, there’s no need for you to worry about forgetting them. The only password you’ll need to remember is your master password which acts as the key to enter your password vault.
Most password managers also offer a dark web monitoring feature so you’re notified immediately if your credentials appear on the dark web. Receiving this notification enables you to take action right away.
Implement Multi-Factor Authentication (MFA)
Multi-factor authentication acts as an extra layer of security for your online accounts. Rather than logging in with only a username and password, you’ll have to verify who you are with one or more authentication methods. This means that anyone trying to access an account will face a more extensive authentication process than simply entering a password. Whenever MFA is available as an option, we highly recommend enabling it. A little-known benefit to using a password manager like Keeper® is that it can also generate and store your 2FA codes so you don’t have to download a separate application.
Audit your passwords
Are you using the same password for multiple accounts or different versions of the same password? The golden rule of passwords is to never use the same password or variations of the same password. It’s also important to avoid using personal information in your passwords, such as names, birthdays, anniversaries, addresses and Social Security numbers.
To ensure your passwords are always following password best practices, you should audit them at least a few times per year. Don’t know how to audit your passwords? Learn how to perform a password audit using a password manager.
Change weak, compromised and recycled passwords first
If you’re just getting started with improving your password security, changing weak, compromised and reused passwords should be your top priority. Accounts that use weak or compromised passwords are the most vulnerable to being hacked so it’s important that you take the time to update these passwords to ones that are strong and unique.
Manage your passwords easily with Keeper
Without proper password management, it’s easy to fall victim to cybercrime and identity theft. Take control of your passwords with a password management service like Keeper to better protect your personal information and make necessary password changes an easy task.
