You don’t need to update your passwords frequently to be secure online, but in a few specific instances, you should change your passwords immediately.

Perform a Personal Password Audit

You can’t always prevent hackers from accessing your credentials via data breaches. Keeping an eye on your accounts is the best way to know if they are at risk.

Many password managers include Dark Web monitoring or a built-in password health monitoring tool that can alert you when your credentials appear in a data breach list. These monitoring tools can also detect passwords that have been compromised in the past, are reused across accounts, or use weak character combinations.
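
A sketch of the kind of check a password health tool performs, added here as an example and not taken from the original article or from any password manager's code: it flags entries that are compromised, reused, or weak. The vault entries, the breach list, and the weakness thresholds (12 characters, two character classes) are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (site, username, password). Not real credentials.
VAULT = [
    ("mail.example", "kim@example.com", "Summer2022!"),
    ("shop.example", "kim@example.com", "Summer2022!"),
    ("bank.example", "kim", "xT9#vLq2!mRw8ZpK4s"),
    ("forum.example", "kim", "password"),
]

def sha1_hex(password):
    # SHA-1 serves only as a lookup key against the breach list, not as storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breach corpus: digests of leaked passwords.
BREACHED_SHA1 = {sha1_hex("password"), sha1_hex("123456")}

MIN_LENGTH = 12  # assumed threshold for this example

def is_weak(password):
    # Count character classes present: lower, upper, digit, symbol.
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < MIN_LENGTH or classes < 2

def audit(vault, breached_sha1):
    """Return {site: list of flags} for every entry that has a finding."""
    by_digest = defaultdict(list)
    for site, _user, password in vault:
        by_digest[sha1_hex(password)].append(site)

    findings = {}
    for site, _user, password in vault:
        digest = sha1_hex(password)
        flags = []
        if digest in breached_sha1:
            flags.append("compromised")
        if len(by_digest[digest]) > 1:  # same password on several accounts
            flags.append("reused")
        if is_weak(password):
            flags.append("weak")
        if flags:
            findings[site] = flags
    return findings

if __name__ == "__main__":
    for site, flags in audit(VAULT, BREACHED_SHA1).items():
        print(f"{site}: change password ({', '.join(flags)})")
```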

Don’t Save Passwords in Your Browser

All of the popular web browsers offer to save users’ passwords when they log in to websites. Don’t do it! Browsers are big malware targets. Plus, if a stranger or anyone else uses your device, they can use your browser to log into your accounts without having to authenticate their identity. Instead of using your browser’s credential management tool, download a browser extension for your favorite password manager and use that to capture and create new passwords.

When to Change Your Password

How often does your company’s IT department require you to change the password on the computer or other device you use for work? If it’s every 60 to 90 days, they may be asking you to change it too often. Old cybersecurity advice recommended frequent password changes, but not anymore. Experts now agree that using a long, strong, and unique password generated and stored in a password manager is preferable to frequently changing a password.

The best reason to change a password is if you think it’s been stolen. Otherwise, changing your passwords too often may lead you to use simple passwords that are easier to memorize, or you may be tempted to save the passwords in your browser. Unless the unthinkable happens and a password management company suffers a significant breach affecting its customer records, your passwords are unlikely to be at risk when stored in a password manager’s vault.

I’ve compiled a list of some situations where updating your password is an intelligent cybersecurity action:

Post-Security Breach

As soon as you get the dreaded security breach alert from the affected service or website, change the password associated with that account.

After Discovering You’ve Opened Malware or You’ve Been Phished

Changing your passwords may not mitigate all the damage from malware or a successful phishing expedition. Still, it can keep future attackers or scammers from accessing your accounts or impersonating you further. Use a different device from the affected one to change your account password.

It’s also a good idea to keep the antivirus updated on your device and pay attention to the links you’re clicking to prevent damage in the future.

When Someone Attempts to Access Your Account

Nothing gets the heart pumping like a late-night SMS unauthorized account access alert! After you log in to your account to make sure no one has stolen anything or made changes, update your password. Take another 15 seconds to turn on multi-factor authentication for the account too.

When Another Account Gets Hacked

If you’re using the same email and password combination for your accounts around the web (please don’t!), assume that when one gets hacked, they’re all vulnerable. Change the passwords for all accounts possessing the same credential combinations, and generate unique passwords for every site. Even if an account isn’t hacked, if you realize you have the same password for more than one account, change one—or better, both.

After Sharing a Password

Many password managers, particularly those marketed toward businesses, allow easy credential sharing between contacts. Many password managers allow you to specify how long you want to share the credential, but others require you to turn off sharing manually. Remember to withdraw access after the coworker, family member, or friend uses the password. If you are worried about the account’s security after sharing the credential with someone, change the password.

If you need assistance choosing and implementing a password manager for your business and you are a Trinity Worldwide Technologies client, please send an email to [email protected] and one of our engineers can assist you.  If you are not a client and would like to learn more about the technology services we provide and how we can support your business, give us a call at (732) 780-8615, or email us at [email protected].  We look forward to serving you!


Kim Key, “When Should You Change Your Password? Not as Often as You Think”, pcmag.com, October 11, 2022