How Often Should You Change Your Passwords?

How Often Should You Change Your Passwords?

How often should you change your passwords? We all know we should be changing our passwords, but how often is “often” enough? Some people never change their passwords, and even worse, recycle the same (or similar) passwords for almost all of their online accounts. This is a dangerous practice that can lead to security breaches, identity theft, and more.

Passwords are, unfortunately, often neglected by everyday people. We have enough to worry about on a daily basis without adding password security, right? The problem is that security breaches and cybercrime are on the rise. If you think it can’t happen to you, it most certainly can! Every year, thousands of Americans are victims of cybercrime and identity theft and fraud, costing billions in damages.

Protecting your passwords and personal information starts with securing passwords. Your passwords are your first line of defense against intrusion, and there are some rules to follow for best password practices. Let’s take a closer look at some important password guidelines, as well as how our Password Manager can help you take back control of your internet passwords.

In The Past

As with many of the web’s security guidelines, password management rules have changed over the years. As passwords become more complex, the methods for breaching them also improve. As cybercrime increases, better security becomes more important than ever. People and businesses often forget that the first line of defense against cybercrimes is their users.

You can have the best software in the world, but if you’re not actively monitoring your passwords, changing them regularly, and using good password habits, you’re putting yourself or your organization at risk.

The BBB recommends changing your password at least a few times per year, but this is outdated information. Most tech professionals recommend your password changes every thirty, sixty, or ninety days; depending on what the password is used for, how often the account is accessed, and how strong the password is to begin with.

According to cybersecurity experts, you don’t have to frequently change your password if you’re using strong unique passwords. A good password is a combination of letters, symbols, and numbers, and with password managers, you don’t have to come up with one yourself. A password manager like Keeper stores all of your passwords in a secure location and helps scan the dark web for potential threats.

Without a password manager, you’ll end up using recycled passwords more often or you might even forget certain passwords. In fact, the less you log in to a website, the more vulnerable you are to an attack by cyber criminals. A password manager is the protection you need to keep private information safe from cybercriminals.

When Should You Change Your Password?

So, when should you change your password? What events or red flags should you watch for? Let’s take a look at some typical situations where a password change will be required.

After A Security Breach: With massive breaches like the Capital One and Target breaches in recent years, consumers have been put at risk from hackers halfway across the globe and on domestic soil. When a company declares they’ve experienced a data breach, you’ll want to change your password as soon as possible to protect your information. If your info has been compromised, you’ll typically be alerted by the company.

If You Suspect Unauthorized Access: Don’t wait until there’s glaring evidence of unauthorized access of your account(s). By that time, it’s usually too late. If you suspect someone is attempting or has attempted to access one or more of your accounts, change your passwords ASAP. It’s always better to take preventative measures than to wait until the damage is done.

If You Discover Malware or Other Phishing Software: A virus can put your computer at risk and leave your personal information exposed. If you discover such software on your computer after a scan, change your passwords immediately; preferably from a different device until you’re certain the virus has been removed.

Get Keeper Unlimited & access all of your personal passwords on unlimited devices wherever you go!

Buy Now

Shared Access: Lots of people share access to accounts like Netflix and other media services. Some even share access to a joint bank account and access the info via web or mobile app. If you share access with someone you’re no longer in contact with, change your password as soon as possible. It’s best to not trust anyone outside of your circle of trusted people with your passwords. Ex-spouses or significant others, friends, and previous colleagues shouldn’t have access to any of your accounts.

Logging In At Public Places: Using an unsecured network to log in to your accounts is a good way to have your password stolen. If you visit the library or use a public network, change your password afterward. Follow these Digital Identity Guidelines to keep your identity safe whether you’re at home or in public.

If You Haven’t Logged In: You should always change an old password that hasn’t been used in over a year, but some experts recommend changing old passwords after just a few months. The more often you change slightly-used passwords, the safer you’ll be; especially if you’re not using multi-factor authentication.

How Often Should You Require Users To Change Their Passwords?

Don’t make the mistake of thinking these guidelines only apply to individuals. Businesses also must keep a close watch on their password practices, and encourage users to change their passwords frequently. How often should you require users to change their passwords? At least once every 60-90 days, if not more. Be sure you’re using tools like multi-factor authentication and a password manager to beef up your password security.

Password Best Practices

Creating a secure password is the first step in taking control of your password security. It starts with a few simple rules.

Always Use A Password Manager

Many services are free to use, and premium services offer extra security in the form of dark web monitoring, password generators, and more. Not using a password manager leaves your passwords exposed, and you won’t have a good way to organize them. Using a Google or Word Doc to organize passwords is not a good idea. You’ll learn how to change passwords quickly and efficiently with a password manager and won’t have to worry about tracking down lost passwords or accounts.

Always Audit Your Passwords

Are you using the same password for multiple accounts? Are you using a similar password? The golden rule of passwords is that you never use the same password twice. Do not use personal information in your passwords, such as names, pets, birthdays, anniversaries, addresses, SS numbers, children’s names, etc. Passwords should always be a random combination of letters, numbers, and symbols or unrelated phrases.

Change Weak, Compromised, Or Recycled Passwords First

These are the most vulnerable and most likely to cause issues.

Prioritize Your Sensitive Accounts

Bank accounts should absolutely have super-strong passwords to ensure you’re not putting financial information at risk.

Multi-factor Authentication Is Your Best Friend

This means that to access an account, anyone trying to access it will face a more extensive authentication process than simply entering a password. This is best for sensitive accounts, but use it with any accounts you can.

Updating And Auditing Passwords Will Take Some Time

You should do this at least a few times per year, so set aside some time for yourself to make sure it’s done correctly.

If you follow these simple guidelines, your passwords will not only be more secure to begin with, but your auditing/updating process will be simpler and more efficient. Remember that recycled passwords are incredibly dangerous.


Managing passwords is a responsibility that falls on both us as individuals and businesses. Without proper password habits, it’s far easier to fall victim to cybercrime and identity theft; each of which costs the nation billions in damages every year. Take control of your passwords with a password management service like Keeper to better protect your personal information and your identity.