For years, security professionals recommended that consumers change their passwords every few months. The thinking was that doing so would limit the potential damage if one of those passwords were to be compromised. Cybercriminals would have a limited amount of time to use that password, even if nobody ever figured out it had been stolen.

But what these security pros eventually figured out is that the more often people are forced to change their passwords, the more likely they are to set bad ones. Most experts now believe that it’s better to set great passwords for all your accounts just once and let them be, unless of course you later find out they’ve been compromised.

Tips for setting good passwords

Longer is better. Aim for at least 16 characters. At that length a randomly generated password is beyond what password-cracking software can brute-force, even when an attacker has stolen the site's password database and can guess offline. Truly random sequences of characters are strongest, but a passphrase, such as three unrelated words picked at random rather than chosen by you, will be OK in most circumstances. Throwing a special character, such as a symbol or punctuation mark, into the middle won't hurt, but length and randomness matter far more than where the symbol goes.
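To put numbers on "longer is better", here is an added example (not code from the article) that computes the entropy of the schemes discussed above and generates passwords and passphrases with Python's secrets module, which draws from the operating system's cryptographic random number generator. The word list and the guessing rate are assumptions for illustration; a real passphrase list such as a diceware list has 7,776 words, which is the figure used in the math. The point it makes that the paragraph does not: three random words come to about 39 bits, which is fine against a rate-limited login form but falls in under a minute to offline cracking of a leaked hash, while 16 random printable characters come to about 105 bits.

```python
import math
import secrets
import string

# Assumed offline guessing rate against a fast, unsalted hash.
# This is an illustrative assumption, not a figure from the article.
GUESSES_PER_SECOND = 1e10

# Constructed stand-in for a real word list (assumption for this example).
# A published diceware list has 7,776 words; that size drives the entropy math.
SAMPLE_WORDS = ["anchor", "brisk", "cobalt", "dune", "ember", "fjord", "gravel", "harbor"]
DICEWARE_WORDS = 7776

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols each drawn uniformly from `pool_size` choices."""
    return length * math.log2(pool_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years to try every possibility at `rate` guesses/second (expected time is half this)."""
    return (2 ** bits) / rate / (365.25 * 24 * 3600)


def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Uniformly random password. `secrets` is a CSPRNG; the `random` module is not."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words, count: int = 3, sep: str = "-") -> str:
    """Words picked by the CSPRNG, not by a person: human-chosen words are far from uniform."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare_schemes() -> dict:
    """Entropy, in bits, of the password styles the article discusses."""
    return {
        "8 random printable chars": entropy_bits(len(PRINTABLE), 8),
        "16 random printable chars": entropy_bits(len(PRINTABLE), 16),
        "3 random diceware words": entropy_bits(DICEWARE_WORDS, 3),
        "6 random diceware words": entropy_bits(DICEWARE_WORDS, 6),
    }


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        years = years_to_exhaust(bits)
        print(f"{name:26s} {bits:6.1f} bits   offline exhaust: {years:.3g} years")
    print("example password:  ", random_password())
    print("example passphrase:", random_passphrase(SAMPLE_WORDS))
```

The offline figure assumes the site hashed passwords with a fast algorithm; a slow, salted hash such as bcrypt or Argon2 cuts the guessing rate by orders of magnitude, but you cannot know from the outside which one a site uses, which is the practical argument for 16 characters or more.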

Skip the personal details. Your name, birthday, pet, hometown or favorite team are exactly the facts a cybercriminal can look up or guess, so leave them out of your passwords entirely.

Change can be good, but only when it's needed. Most experts now say you don't need to change your passwords on a regular schedule. But they all agree you should change a password right away at any hint of compromise: a breach notice from the site, a login alert you don't recognize, or news that a service you use has been hacked.

Resist the temptation to recycle. Even the best passwords can be stolen and compromised. So limit the fallout by making sure you set a unique password for every account; a criminal who gets one should not get the others with it. Sure, that could be a lot to handle, since we're recommending 16-character or longer passphrases. That is the job of a password manager: it generates and stores a different long password for each site, so you only have to remember the one that unlocks the manager.

Keep your details off social media. The more personal details you post, the more cybercriminals know about you. Those little, seemingly unimportant, bits of data could be used to crack your passwords, especially if you did include personal details in them.

While you’re at it, stay away from quizzes you see posted on social media that ask a series of seemingly harmless questions in order to tell you what city you should live in or what your ideal vacation spot would be. Sure, they’re fun, but the answers (first pet, first car, mother's maiden name) are the same ones used for password guesses and account-recovery security questions, and they could be used against you down the road.

Always, always use 2FA. If your password does get compromised, a second layer of protection will go a long way toward protecting you. Two-factor authentication, also called 2FA, and multi-factor authentication, MFA, are offered by a growing number of sites and require someone trying to access an account to present a second factor in addition to the password: something you have, such as a phone or a hardware key, or something you are, such as a fingerprint.

It could be a code generated by an app, a biometric like a fingerprint or facial scan, or a physical security key you insert into your device. A security key has an extra advantage: it is bound to the real site's address, so it will not work on a look-alike phishing page, whereas a code can be typed into one. Yes, a second factor will slow you down as you access the account. But it’s worth it to keep your account safe.

One word of warning: If you can, avoid 2FA systems that text a code to your smartphone. SIM swapping, a scam in which a cybercriminal persuades your carrier to move your phone number to a SIM they control, is on the rise. If a criminal gets control of your phone number, they’ll get your 2FA text message, too. Codes from an authenticator app and hardware security keys do not depend on your phone number at all, so a SIM swap does nothing to them.

If you have any questions or need guidance on choosing a password manager call us at 732-780-8615 or email at [email protected].


Bree Fowler, Excerpt from “Happy National Change Your Password Day”, cnet.com, Mar 19th, 2024