
How often should I change my passwords?

You may think the answer to this is clear.

 

Mikael Thalen


Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely.


Welcome back to Your Password Sucks, the Daily Dot newsletter column that answers all your internet security-related questions. It’s been a minute since we’ve answered your queries, so what better topic to touch upon than passwords themselves?

As one Daily Dot reader asked, should we change our passwords regularly? And if so, how often?

You may think the answer to this is clear. Changing your passwords often must be a good idea to foil hackers, right? Yet as it turns out, security experts don’t believe so.

Should you change your passwords regularly?

For a long time, and to a small degree still to this day, online companies have asked users to change their passwords every few weeks or months. The thought was that by changing passwords regularly, you could better protect yourself from being compromised if one of those passwords were exposed.

Extensive research shows that such requirements don’t really make users safe. Why? Well, unfortunately, people tend to use the same passwords all across the web. This is unsafe, of course, because if your credentials for your email are exposed, for example, a hacker can then use those same credentials to get into your bank or your social media accounts.

When people are asked to change their passwords, what they often do is slightly alter their previous password by adding a new number or symbol to the end of their old one. People tend to do this because, well, who can remember all those passwords anyway? But a hacker could easily put your old password into a password-cracking program and quickly learn your new one if it is similar.
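To make the point concrete, here is an added example (not part of the original column) of a check a service could run when a user changes their password, rejecting a new password that is only a small tweak of the old one. It assumes the change form asks for the current password, so both are available in memory; the function names, the character-swap table and the thresholds are illustrative choices.

```python
import re

# Assumed (non-exhaustive) map of common character swaps back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the stem users tend to keep between changes."""
    # Drop leading/trailing digits and symbols ("Summer2024!" -> "Summer"),
    # then ignore case and undo character swaps ("P@ssw0rd" -> "password").
    stem = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return stem.casefold().translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_derived(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` looks like a minor variation of `old`."""
    old_stem, new_stem = base_form(old), base_form(new)
    # Same stem, or the old stem reused inside the new password.
    if old_stem and (old_stem == new_stem or
                     (len(old_stem) >= 4 and old_stem in new_stem)):
        return True
    # All-digit/symbol passwords have an empty stem; compare them directly.
    return edit_distance(old.casefold(), new.casefold()) <= max_edits

# Constructed sample pairs (old password, proposed new password).
SAMPLES = [("Summer2023", "Summer2024!"), ("P@ssw0rd1", "password2"),
           ("12345678", "12345679"), ("kV9#mQ2x!Lp", "Zt4&wRn8@Hc")]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = "reject (too similar)" if is_derived(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

Only the last constructed pair is accepted, which is the kind of unrelated password a password manager generates.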

Granted, much of this security advice came long before many of the security tools we use now were widely available. Changing your passwords regularly isn’t necessary if you follow the fundamentals for protecting your accounts.

The fundamentals of a good password

If you’ve read this column before, you’ll likely know what those fundamentals are. Firstly, all your passwords should be complex and unique. Secondly, all your online accounts should have two-factor authentication enabled, which will protect you even if your password is exposed. And thirdly, using a password manager is the best way to create and store your passwords.

Of course, there are some scenarios where you’ll want to change your password. If you find out that your password was compromised, let’s say in a large-scale hack of an online service that you use, then it’s definitely a good idea.

It’s not the end of the world if you do decide to change them regularly, so long as your new passwords are unique and complex, but it shouldn’t be something you stress about.

