Securing online networks is a critical task for many organizations, and numerous strategies are in place to strengthen this, such as password updates. So, how frequently should you change a password? Are you still using your university-era password without any intention to change it?
You’re not alone in this practice, yet it doesn’t mean it’s safe. It’s also fascinating to note that some individuals find the process of changing passwords as daunting as retirement, hence they stick with the same or similar passwords for an extended period. They may not realize that failure to change passwords or reusing them could expose them to numerous online security risks.
A surprising 66% of people utilize the same password across various online accounts, and 75% find managing and remembering these passwords a cause for stress. The unpleasant reality is, if you think changing your password is tiresome, understand that such an action could be the sole barrier between your organization’s confidential data and unauthorized access.
The practice of enforcing frequent password changes amongst employees might be part of your company’s network security strategy. But have you ever wondered if this practice may inadvertently make your systems more vulnerable? The reality is, when employees are obliged to frequently change passwords, they may not invest sufficient thought into creating strong new ones.
Most people tend to form passwords that follow patterns known as “transformations.” These include altering the order of special characters or digits, incrementing a number, adding or removing a special character, or replacing a character with a similar-looking symbol. These methods are common coping mechanisms for frequently scheduled password updates, which is understandable given how our minds operate.
Nonetheless, to mitigate the risk of online attacks, the answer lies in creating unpredictable passwords. These are challenging to both generate and remember. The key takeaway is to ensure your employees are using robust passwords, otherwise they may remain the weakest link that hackers exploit to gain access to your business systems.
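One way to catch the “transformations” described above at password-change time is to compare what remains of the old and new passwords once those tweaks are undone. This is an added example, not part of the original article; the function names and the look-alike table are assumptions made for illustration.

```python
import re

# Look-alike substitutions to undo (constructed list, not exhaustive).
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                            "0": "o", "$": "s", "5": "s", "7": "t"})

def _letters(text):
    """Lowercase the text and keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", text.lower())

def skeletons(password):
    """Return the base words left after undoing the usual tweaks."""
    # Drop leading digits and any trailing run of digits/symbols (the affix).
    core = re.sub(r"^\d+|[^A-Za-z]+$", "", password)
    candidates = {
        _letters(password),                        # digits and symbols removed
        _letters(password.translate(LOOKALIKES)),  # look-alikes mapped back
        _letters(core.translate(LOOKALIKES)),      # affix dropped, then mapped
    }
    candidates.discard("")  # a password with no letters has no base word
    return candidates

def is_transformation(old, new):
    """True if the new password shares a base word with the old one."""
    return bool(skeletons(old) & skeletons(new))

def rejected_candidates(old, candidates):
    """Return the proposed passwords that are only tweaks of the old one."""
    return [c for c in candidates if is_transformation(old, c)]

if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    old = "Summer2023!"
    proposals = ["Summer2024!", "!Summer2023", "$ummer2024!",
                 "correct-horse-battery-staple"]
    for p in proposals:
        verdict = "reject" if is_transformation(old, p) else "accept"
        print(f"{p!r}: {verdict}")
```

The check needs the old password in plain text, so it fits a change form where the user types the current password alongside the new one.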
It’s true that changing your password after it falls into the wrong hands can block the intruder’s access to your company’s network infrastructure. This is why many companies enforce a schedule for employees to change their passwords regularly. However, this approach may lead to poor password practices, including:
Should you suspect that one of your accounts, such as your social media or email account, has been hacked, it is recommended to immediately change the password. Similarly, if your device like a tablet, computer, or phone has been infected with malware or compromised, change the device’s password and that of any accounts you access from that device.
The moment you learn that your organization’s data is part of a data breach, promptly change the compromised password and do the same for any other accounts using that password. This is because a hacker will attempt to use breached passwords elsewhere online to discover what else they can access. This practice is referred to as credential stuffing. Therefore, using unique passwords for your accounts is recommended.
Moreover, a reliable password manager can notify you instantly in the event of a data breach involving your email address, including details about the nature of the attack. Consequently, you can identify which password you need to change.
Changing your password regularly is a good practice because it works on the assumption that your account is compromised (and you don’t know it yet) or that a bad actor is attempting to hack your password. We’ll learn more about how passwords are hacked next.
Cybercriminals employ a variety of password-hacking techniques. Perhaps the easiest is buying passwords from the dark web. Understand that hackers profit considerably from acquiring and selling login passwords and credentials on the black market. This means that if you have been using the same password for several years, it’s likely already compromised.
However, if you manage to keep your passwords off aggregated black-market lists, cybercriminals have to resort to cracking them. Here are some of the tactics they employ to gain access to passwords:
Creating a strong password is essential to securing your personal information online. Here are some best practices you should consider:
A password manager is a software application that helps to maintain, generate, retrieve, and secure complex passwords for a user’s various online accounts. It provides a convenient and secure solution to the problem of remembering multiple complex passwords. Here are some reasons why a password manager improves password security:
The importance of unique passwords for each account cannot be overstated. If you reuse passwords across multiple accounts and one of those accounts gets compromised, then all your accounts that use that password are at risk. This is known as credential stuffing. Attackers who obtain a username-password pair from one breach will often try those same credentials on various other platforms and services to see if they work.
By using a unique password for each account, you ensure that even if one of your passwords is compromised, the damage is limited to that single account and doesn’t put your other accounts at risk. This is a critical aspect of maintaining online security in an era where data breaches have become relatively common.
Remember, even the strongest password can be compromised if it’s not kept secure. Always protect your password and be cautious about where and when you enter it.