Many people still make the mistake of trusting the same password to protect different online accounts, not realising that if one site suffers a data breach, that it may allow hackers to break in to other accounts elsewhere.
It is more important than ever to ensure that all of your passwords are unique, as well as being impossible to guess and hard to crack. But should we change them on a regular basis?
Security certifications such as ISO27001 and CyberEssentials no longer require users to reset passwords on a regular basis, focusing instead on complexity of passwords.
A recent survey reports that 49% of people admitted that when forced to update their passwords, they reused the same one with a minor change, with many users relying on their memory rather than something more reliable to store passwords, creating a tendency to choose weaker, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones, such as changing “Password1” to “Password2”.
Although there are good reasons for sometimes changing passwords, regularly changing your passwords can lead you into the dangerous territory of choosing poor passwords.
Integrity IT recommended the use of a password manager, there are many free ones available such as LastPass or KeePass for example. As well as storing passwords, many password managers can be used to generate strong passwords which are impossible to guess, meaning you don’t have to think about making up or remembering secure passwords.
Do not use password rules to generate passwords, because if someone works out your rule they can work out other passwords you may have used.
Finally, when it comes to picking a unique password for your password manager, instead of using a single word, use a “pass phrase” made up of multiple words which is much harder to guess.