If you have been browsing the internet for advice on passwords and password management, you may have stumbled upon a commonly touted piece of advice: “Change your password every 6 months to a year.” This has been one of the most common and well-established cybersecurity practices. However, as cyberspace develops and shifts, it seems as though this widely shared piece of advice may no longer be relevant.
Microsoft recently made some changes to their cybersecurity courses and revoked the long-standing recommendation for frequent, forced password changes. Asking users to periodically change their passwords can actually be harmful. When required to change their passwords constantly, users typically pick similar or even weaker passwords, because it is difficult to devise a genuinely new password each time. Choosing similar or weaker passwords does nothing to strengthen the organization’s security.
Despite the issues that surround asking employees to change passwords constantly, never changing a password can still be problematic. If passwords are the only safeguard users have in place, a compromised password may go unnoticed when users are never required to change it. Cybercriminals could go undetected for long periods of time before they make their move on the company.
Changing your password is not the only measure available to ensure that your organization has strong and secure passwords. First, make sure that your users are choosing strong passwords to begin with. It may be helpful to use a password management tool such as LastPass to generate unique and secure passwords. Such a tool stores and organizes all of your passwords on your device and helps ensure that you are not reusing the same password across multiple platforms. It is also important to layer your security with two-factor or multi-factor authentication whenever possible. Adding this extra layer lowers your risk of a security breach, since a stolen password alone is no longer enough to gain access.