What You Need to Know About Frequent Password Changes

By: Barry Utesch

The financial and health care industries have made it a requirement that you change passwords regularly, regardless of whether doing so has any real benefit. Because of this, you do not have much choice; you just need to comply. A study done at UNC-Chapel Hill on password change frequency found that people tended to create simpler passwords that followed a clear pattern when they were forced to make frequent password changes. For example, they might use the same password but add the month and year that it was changed. The primary problem with this is that once a bad guy knows the password, their ability to guess future passwords is almost 100%. Setting a password policy that does not allow any portion of the previous password to be reused is best. However, if you are like me and all you want to do is log in and get to work, having to come up with a brand-new password that does not contain any similarity to the last password can be frustrating at best, especially if you are in a time crunch.
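One way to enforce the "no portion of the previous password" rule at change time, when the user has just typed both the current and the new password, so nothing has to be stored in plain text. This is an added example, not code from the article; the function names, the substitution table, the 4-character threshold and the sample passwords are all assumptions made for illustration.

```python
from difflib import SequenceMatcher

MIN_SHARED = 4  # assumed policy threshold: longest run allowed to carry over

# Undo common look-alike substitutions so "P@ssw0rd" compares equal to "password".
# Every mapping is one character to one character, so lengths are preserved.
_LOOKALIKES = str.maketrans("@4$5301!", "aasseoli")


def _normalize(password):
    """Lower-case the password and map look-alike characters to letters."""
    return password.lower().translate(_LOOKALIKES)


def shared_run(old, new):
    """Length of the longest run of characters the two passwords have in common."""
    a, b = _normalize(old), _normalize(new)
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def change_allowed(old, new, min_shared=MIN_SHARED):
    """Reject a new password that reuses min_shared or more characters in a row."""
    return shared_run(old, new) < min_shared


if __name__ == "__main__":
    # Constructed sample passwords; the first pair is the month-and-year pattern.
    samples = [
        ("Harbor#Mar2024", "Harbor#Jun2024"),
        ("P@ssw0rd-Tree", "Password-Lake!"),
        ("Harbor#Mar2024", "vT9)kq-Lw3uZ"),
    ]
    for old, new in samples:
        verdict = "accept" if change_allowed(old, new) else "reject"
        # Report only the length of the overlap, never the password text itself.
        print(f"{verdict}: longest shared run = {shared_run(old, new)}")
```

The check reports only the length of the overlap, so it can be logged without exposing any part of either password.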

We suggest that for most small businesses, changing passwords once or twice a year is frequent enough. The exception to this will be if a key person leaves or if there is any possibility that a password has been compromised.

You probably log into dozens or even hundreds of websites and programs. Keeping up with individual passwords for each of these is not only impractical, it is nearly impossible. I know that reusing passwords is not a smart idea, but I am not creative enough to have unique passwords for each site. Probably one of the best ways to solve this problem is to use a commercial password management tool. These tools can usually create completely random passwords and automatically populate the password field so that you do not have to remember the password for each site. A word of caution: if you were a hacker, this would be a website that you would attack vigorously, knowing that once you cracked the main site you would have access to many thousands of passwords.

Making your passwords more complex and changing them less often could be a better strategy than having recycled or simple passwords that change frequently.

At Total Computer Solutions, we have decades of experience with network security. TCS can guide you in the right direction, with no obligation, if you have any questions about keeping your data secure. Just give us a call at (336) 804-8449 or fill out our form.

