Changing Passwords Regularly is Doing More Harm Than Good
How often do you change your passwords?
Every month? Every year? When you are forced to? Or just when you forget them?
If you’re like most people, it will likely be one of the last two options.
Passwords are an inconvenience; just one more thing to remember on top of everything else. So when you do need to change them, what do you do? You add a number to the end of your current password. T34m1R0nMan becomes T34m1R0nMan1, then T34m1R0nMan2, and so on and so on and so on.
Or (if you have a really horrible IT administrator) your new password is not allowed to contain any characters from your old password, so you need to come up with a new one each time…each one easier to remember (and probably easier to guess) than the last one.
Now, what would you say if I told you that I have a list which contains your password? Don’t believe me? If your password is based on a name, a sports team, a dictionary word, a film name or a celebrity name, I have it.
It has a number at the end? No problem. The tool I would use to hack your account would try any combination of that list, and any numbers and symbols that I tell it to. You substituted numbers or symbols for some of the letters? Sorry - it does that too.
Two things make it difficult (or impossible) for my tool to crack or guess your password:
- Account lockouts. If your account, whether Gmail or Facebook or Windows logon, is set to lock after a few unsuccessful login attempts, I would need to have a very good idea what your password is or I wouldn’t stand a chance. You can’t always rely on this, though; there are some sneaky ways round it. So point 2 is your best option….
- Have a really long password. It doesn’t have to be complex - it’s the character count that matters. If you want to get into the ins and outs of why password length is more important than complexity, have a read of this, but basically “D0g.....................” would take 95 times longer to guess than “PrXyc.N(n4k77#L!eVdAfp9” because of the extra character.
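The arithmetic behind the 95-times figure, together with a password-change check for the "add a number to the end" habit described earlier, as an added example that is not part of the original article. It assumes exhaustive guessing over the 95 printable ASCII characters; the function names and the look-alike substitution table are illustrative assumptions, and the second check is a heuristic, not a full policy.

```python
import string

# Character classes: 26 + 26 + 10 + 33 = 95 printable ASCII characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Common look-alike substitutions to undo (constructed for this example, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

PADDED = "D0g" + "." * 21             # 24 characters, the article's padded example
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"    # 23 characters, the article's random example


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet an exhaustive search must cover."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def base_form(password: str) -> str:
    """Strip trailing digits/symbols, undo look-alike substitutions, lowercase."""
    stem = password.rstrip(string.digits + string.punctuation)
    return stem.translate(LEET).lower()


def is_rotation(old: str, new: str) -> bool:
    """True when the new password is the old one with a different suffix or spelling."""
    return base_form(old) == base_form(new) != ""


if __name__ == "__main__":
    ratio = search_space(PADDED) // search_space(RANDOM)
    print(f"{len(PADDED)} vs {len(RANDOM)} characters: {ratio}x more candidates")
    for old, new in [("T34m1R0nMan1", "T34m1R0nMan2"), ("T34m1R0nMan1", RANDOM)]:
        verdict = "reject (same base word)" if is_rotation(old, new) else "accept"
        print(f"{old} -> {new}: {verdict}")
```

A password-change form that already asks for the current password can run `is_rotation` on the pair before accepting the new one; the search-space number only describes blind exhaustive guessing, not guesses built from a word list.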