As more personal information is transferred to the virtual space, the risk of data becoming vulnerable increases. One of the main targets for modern hackers is passwords. When should they be changed, and what password combinations are the safest?
Frequent password changes – not always a good solution
Not long ago, IT experts recommended regularly changing passwords to reduce the risk of secret thefts or cybercriminal hacking.
Gediminas Mikelionis, an IT engineer at "Baltimax" and an ESET expert, states that trends are changing. "Recent studies show that frequently changing passwords on a set schedule doesn't necessarily enhance account security. In other words, there is no one universal answer to when you should change your passwords," says Mikelionis.
The cybersecurity expert explains why it is not recommended to change passwords every few months:
- Users tend to choose weaker and easier-to-remember combinations when they know they will have to change them soon.
- The updated password is often similar to the old one, just slightly altered, for example, by adding a number.
- This practice creates a false sense of security: if the previous password was already insecure and the new one is not stronger, hackers can easily crack it again.
- New passwords created every few months are more often forgotten or written down somewhere, making it easy for others to find them.
When is it necessary to change a password?
There are several cases when it is essential to change a password, especially for critical accounts.
You should change it if the password has leaked into third-party databases, and you are likely to be notified by the service or password manager providers performing automatic checks on the dark web.
You should also change it if the password is weak and easily guessable, included in lists of commonly used passwords, or reused across multiple accounts.
Moreover, you should urgently change your password if you learn that malware has entered your device, you have shared your password with someone else, you have removed people from a shared account, or you have logged in on a publicly available computer, for instance, one available in a library.
It is important to remember that simply changing a password is not enough; it needs to be reliable. Cybersecurity expert G. Mikelionis provides two main rules he follows when creating passwords.
"When creating a password and trying to remember it, I convert a simple word into symbols and numbers. For example, I change 'password123' to '5l@pt@z0d1s123.' In some exceptional cases, I don’t even know the password because I remember the combination on the keyboard.
The second rule is to always use two-factor authentication if the system supports this feature," advised Gediminas Mikelionis.
The second rule is to always use two-factor authentication if the system supports this feature," advised Gediminas Mikelionis.
7 tips to protect your data:
- Always use strong – long and unique – passwords.
- Store them in a password manager that has one main login password and can automatically remind you of all your passwords for any website or app.
- Monitor alerts about compromised passwords and take immediate action upon receiving them.
- Whenever possible, enable two-factor authentication to ensure an additional layer of security for your account.
- Consider enabling passkeys for seamless and secure access to your accounts using your phone.
- Regularly review your passwords: check all your account passwords to ensure they are not duplicated and are not easily guessable. Change any weak, repetitive, or those that might include personal information, such as birthdays, family member names, or pet names.
- Do not store passwords in your browser – this is a popular and easily accessible target for hackers. Using malware, hackers can steal passwords. Additionally, any other person using the same device could see the saved passwords.
