No, you don’t have to change your password every 90 days. This idea of regularly changing your password is known as password rotation. The main benefit of changing your passwords so often is to prevent unauthorized users from accessing private information.
For personal accounts, changing your passwords every 90 days can actually end up being worse than keeping them the same. Setting up Multi-Factor Authentication (MFA) is a better alternative to changing your passwords every 90 days because frequent changes could lead you to start using weaker passwords or reusing old passwords. Enabling MFA gives your accounts an added layer of security.
However, organizations should frequently change their passwords, especially for privileged accounts and systems to ensure their privacy and safety. When organizations implement password rotation as a practice, it should be automated rather than manual because automated password rotation creates stronger passwords efficiently and without expending resources.
Keep reading to learn more about why it isn’t recommended to change your passwords often, when you should change your passwords and how to do it effectively.
Why you shouldn’t change your passwords often
As mentioned above, frequently changing your passwords for personal accounts can lead to using weaker passwords or reusing old ones.
Using weaker passwords
When people change their passwords frequently, they generally use passwords that are easy to remember, making them much weaker passwords. Most people incorporate something meaningful into their passwords, such as their pet’s name, favorite food, street name, birthdate, child’s name, marriage anniversary, etc. Here are some common examples of the password types you may use or have used in the past:
- Bella01
- Quesadilla4
- John1997
When your passwords are inspired by information that cybercriminals could find by checking your online presence, they become much weaker and easier to guess.
Password reuse
Similarly, you should not change your passwords often because it increases the likelihood of you reusing passwords. Because people have so many login credentials for different accounts, it is convenient to reuse the same password or a very similar variation of it for multiple accounts. However, reusing your passwords makes it very easy for cybercriminals to access not only one of your accounts but all of the accounts that use that password. Using the examples above as inspiration, here’s what your passwords could look like for each of your accounts if you reused them:
- Bella01, Bella02, Bella03…
- Quesadilla4, Quesadilla5, Quesadilla6…
- John1997, John1997!, John1997!!…
Even though each password has been slightly changed, if a cybercriminal can guess one of your passwords, they will catch on to the patterns when you reuse variations of your password.
Forgetting passwords
An easy solution that most people use when they can’t remember their password is the Forgot Your Password? option. Although this is an incredibly convenient and helpful tool when we get stuck, utilizing this feature too often makes us revert to old habits and use weak or old passwords. The solution to forgetting your passwords is to start relying on a password manager like Keeper®. When you use a password manager, you can have strong and unique passwords generated for each of your accounts and ensure that they are stored in a secure vault. You don’t ever have to type out the passwords or remember them because the password manager will automatically fill in the passwords for you.
When to change your passwords
While it may not be best practice to change your passwords too frequently, there are times when changing your passwords is necessary to keep your accounts secure.
If you’re part of a data breach
When you have an account with a company that has experienced a data breach, you must change your password for that account immediately. If your private information has been compromised, the company with that account will usually alert you directly. However, depending on the size of the company and the magnitude of the breach, it could take a company weeks to alert its customers. This is where dark web monitoring can help alert you more quickly.
If you suspect someone is trying to access your account
A few signs typically indicate that someone is trying to gain access to your account. One of the most common is receiving emails or notifications about a password change request. Sometimes these emails are even for accounts that you never created, sent as part of a phishing scam to make you think that your account has been compromised. Both legitimate and illegitimate types of emails can read somewhat like this:
Hi,
We received your request to change the password of your account.
If you didn’t request this change, you can safely ignore this email.
Although this message does not imply that a cybercriminal already has access to your account, it is good to be cautious and change your password immediately. If you ignore these messages for accounts you know you have and do not change your password, it may be too late, and the cybercriminal could gain access to your private information.
If your device got infected with malware
If you believe your device has malware or viruses, change your passwords right away. If you have malware on your device and do not change your passwords, your personal information could be accessed by cybercriminals. Once you have changed your passwords, you should work on eliminating the virus.
If another account of yours gets hacked
When one of your accounts gets hacked into by a cybercriminal, it is best to change the password for any account that shares the same login information. As mentioned earlier, you should not resort to reusing passwords for multiple accounts. However, if you have already done this and one of those accounts is compromised, all accounts that share the same login credentials are now vulnerable to getting hacked. Therefore, it is safest for you to change those passwords before your other accounts suffer the same fate.
Best practices when changing your passwords
Considering how vital it is to have strong and unique passwords, it is important to follow the best practices when it comes to changing your passwords. Follow these recommendations to have the most secure passwords:
Don’t reuse passwords across multiple accounts
As mentioned before, reusing passwords could make it easy for cybercriminals to access your private information. Do not reuse the same password across multiple accounts, as this could help cybercriminals access not only your social media accounts but also your banking information, streaming accounts and more.
Don’t change your password only slightly
When you do change your password, don’t change it only slightly by adding any numbers or special characters. For example, you are not truly changing your password by adjusting it from Password to Password1 or Password1!. Since the majority of the password stays the same in this instance, a cybercriminal would be able to access your account just as easily.
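The variation patterns described here and under "Password reuse" can be checked mechanically, both when a password is changed and across a set of saved logins. The sketch below is an added example, not part of the original article or of any Keeper product; the function names, the 0.8 similarity cut-off and the sample vault are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher


def base_form(password: str) -> str:
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def is_trivial_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """Return True if `new` is `old` with only minor edits.

    Meant for a password-change form, where the user has just typed both
    values, so no plaintext password history needs to be stored.
    """
    old_base, new_base = base_form(old), base_form(new)
    if old_base and old_base == new_base:
        return True  # e.g. Bella01 -> Bella02, Password -> Password1!
    # Catch small edits elsewhere in the string; 0.8 is an assumed cut-off.
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold


def reuse_clusters(vault: dict[str, str]) -> dict[str, list[str]]:
    """Group account names whose passwords share the same base form."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[base_form(password) or password].append(account)
    return {base: sorted(accts) for base, accts in groups.items() if len(accts) > 1}


# Constructed sample data built from the example passwords in the article.
SAMPLE_VAULT = {
    "email": "Bella01",
    "bank": "Bella02",
    "streaming": "Bella03",
    "forum": "John1997!",
    "shop": "John1997!!",
    "work": "Minute.Truck.Where2.Attempt",
}

if __name__ == "__main__":
    print(is_trivial_variation("Password", "Password1!"))
    print(reuse_clusters(SAMPLE_VAULT))
```

Every account in a reported cluster needs a new, unrelated password, because guessing one member of the cluster exposes the rest.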
Consider using a passphrase as a password
Instead of using one word that you can remember as your password, try using a passphrase, which is a series of random and longer words. As with any password you create, do not include personal information, popular phrases or song lyrics in your passphrase. Try to include a variety of symbols, uppercase and lowercase letters and random words in your passphrase. Here are some strong examples of passphrases:
- Basic-Whale-Closer4-Melted-These
- Minute.Truck.Where2.Attempt
- Design8!Flight!Beast!Group!Sides!Popcorn
If you are having trouble coming up with your own passphrases, try using Keeper Security’s Passphrase Generator. When you use it, you can choose how many words you want your passphrase to be, what character separates the words and if you want to include capital letters and/or numbers.
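The options listed above (number of words, separator, capital letters, a number) map onto a short generator, and the same parameters determine how hard the result is to guess. This is an added example, not Keeper's Passphrase Generator; the function names and the constructed 32-word list are assumptions, and a real generator would draw from a list of several thousand words.

```python
import math
import secrets

# Constructed 32-word demo list (partly taken from the article's examples).
# It is far too small for real use: each word contributes only 5 bits.
WORDS = (
    "basic whale closer melted these minute truck where attempt design "
    "flight beast group sides popcorn anchor bridge candle dollar empire "
    "forest garden harbor island jacket kettle ladder marble napkin orange "
    "pencil quartz"
).split()


def generate_passphrase(n_words=5, separator="-", capitalize=True,
                        add_digit=True, wordlist=WORDS):
    """Build a passphrase from words picked with a CSPRNG (`secrets`)."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    chosen = [secrets.choice(wordlist) for _ in range(n_words)]
    if capitalize:
        chosen = [w.capitalize() for w in chosen]
    if add_digit:
        # Append one random digit to one randomly chosen word.
        chosen[secrets.randbelow(n_words)] += str(secrets.randbelow(10))
    return separator.join(chosen)


def entropy_bits(n_words, list_size, add_digit=True):
    """Entropy of the scheme, assuming the attacker knows every setting."""
    bits = n_words * math.log2(list_size)
    if add_digit:
        bits += math.log2(10 * n_words)  # digit value and its position
    # A fixed separator and always-on capitalization add nothing.
    return bits


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"demo list:       {entropy_bits(5, len(WORDS)):.1f} bits")
    print(f"7,776-word list: {entropy_bits(5, 7776):.1f} bits")
```

The strength comes from the number of words and the size of the list they are drawn from; the separator and capitalization only help satisfy site composition rules.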
Use a password generator
Similar to the Passphrase Generator mentioned above, you could also change your password conveniently by using Keeper’s Password Generator. By using this password generator, you can change your current passwords to strong and unique ones with ease. Take a look at some examples of passwords that you could randomly generate:
- 3>ZfrT61(9#X;?Kdk4FQ
- A+;($7hmqE4733<=P(X0N8@3
- NYSQe+^;mW%WZ+^CjUzh3$1zj56
Now that you’ve generated such secure passwords, you probably want to know how you’re supposed to remember them, right? Luckily, Keeper Password Manager is a safe digital vault for your passwords to reside in. The only password you would need to remember is your master password; then you can access the login credentials to all of your accounts safely.
Protect your passwords with Keeper
While it may be a great idea in theory to change your passwords regularly, your personal passwords should not be at risk of being compromised if you protect them properly. Only change your personal passwords if you suspect that someone is trying to get into your accounts, and avoid using old or easy-to-guess passwords for any of your accounts.
Start using Keeper’s Password Manager, Password Generator and Passphrase Generator today when you try our services for free for 30 days.