Password changes are often recommended to keep your account safe, with some companies enforcing them every 1-3 months. We’ll put this myth to rest and show you why changing your password often doesn’t make it more secure.
Conventional wisdom states that you should change your passwords regularly to keep hackers off-kilter and continuously scrambling to access your data. These password changes are often advised by IT professionals as a way to keep your account safe and your information secure.
Although it may sound reasonable, it’s not as accurate as people would like to believe. The truth is that changing your password regularly makes you more vulnerable to data breaches and hackers than choosing a strong password in the beginning and leaving it alone.
Forced password changes
Even though it’s your password, some companies have policies in place that require you to change it every 30, 60, or 90 days. They operate under the assumption that changing passwords frequently will keep their data secure. If your password is changed regularly, it ensures that anyone who has unauthorized access to your account can’t maintain it for very long.
Unfortunately, enforcing frequent password changes for security reasons can backfire. These password changes can pop up at the worst possible moment: when you’re clocking in or out for the day, trying to access your weekly time card, or just trying to get into your email. Pressed for time and facing an account lockout, people tend to fall into a predictable pattern for creating a new password. The passwords chosen are simplistic, incredibly easy to remember, and often go up in sequential order, because they only change the number or special character that’s tacked on the end.
These simple and predictable password patterns are easy to hack, leaving your data far more vulnerable and insecure than it would be if you generated a strong password once and stored it securely in your password manager.
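The sequential pattern described above can be checked for at password-change time. The following is an added example, not 1Password code: the function names, the MIN_SHARED threshold, and the sample passwords are all constructed for illustration.

```python
from os.path import commonprefix

# Assumption: overlaps shorter than this are treated as coincidence.
MIN_SHARED = 4


def changed_part(old: str, new: str):
    """Return the differing middle of each password and the shared length.

    Case is folded first, so "Summer" and "SUMMER" count as the same text.
    """
    a, b = old.casefold(), new.casefold()
    head = len(commonprefix([a, b]))          # characters shared at the start
    a, b = a[head:], b[head:]
    tail = len(commonprefix([a[::-1], b[::-1]]))  # shared at the end
    if tail:
        a, b = a[:-tail], b[:-tail]
    return a, b, head + tail


def is_rotation_variant(old: str, new: str) -> bool:
    """True when `new` is `old` with only digits or symbols changed.

    This can only run while the user has typed both values into the change
    form: a service that stores password hashes cannot compare them later.
    """
    diff_old, diff_new, shared = changed_part(old, new)
    if shared < MIN_SHARED:
        return False
    # If the only differences are non-letters, the "new" password is the
    # old one with a bumped number or swapped special character.
    return not any(ch.isalpha() for ch in diff_old + diff_new)


def flag_weak_changes(pairs):
    """Return the (old, new) pairs that are rotation variants."""
    return [(o, n) for o, n in pairs if is_rotation_variant(o, n)]


# Constructed sample data, not real credentials.
SAMPLE_CHANGES = [
    ("Summer2023!", "Summer2024!"),           # year bumped
    ("Password1", "Password12"),              # digit appended
    ("1Summer!", "2Summer!"),                 # leading digit bumped
    ("Summer2023!", "mauve-otter-fjord-94"),  # genuinely new password
]

if __name__ == "__main__":
    for old, new in flag_weak_changes(SAMPLE_CHANGES):
        print(f"rejected: {new!r} is a variant of the previous password")
```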
When you should change your password
Although there’s no need to change your password regularly, there are times when it’s necessary to change your password for security reasons. The obvious time to change your password is when a website you have an account for is compromised in a data breach. Data breaches are alarmingly common, and you should take the right steps to protect yourself and your information.
Watchtower, a security feature built into 1Password, keeps you informed about password breaches and other security problems for the websites you’ve saved in 1Password. We monitor things for you and update Watchtower whenever we discover a security breach, so you can change your passwords right away.
If a security breach is reported, Watchtower adds an alert banner to the item if you haven’t changed your password since the breach. It also alerts you to any vulnerable passwords that have been exposed in a data breach. Although an attacker may not know that you’ve used that password, let alone which site you used it on, it’s among the first passwords they’ll try in a password reuse attack.
However, not all password changes will be tied to a data breach. Whether you’ve shared your login with a friend or ex-partner, signed in through an insecure network, or suspect that your device was compromised, it’s a good idea to change your password. While these don’t guarantee your passwords were leaked, it’s much better to be safe than sorry.
How to generate a strong password
Creating a unique password for each website you encounter can be mentally taxing if you’re trying to do it all on your own. It’s tempting to use muscle memory and slide back into the habit of using the same password everywhere. But you should try to resist the urge, because the more random and unique your password is, the stronger it is. And strength equals security.
Watchtower helps you audit your passwords, quickly identifying any weak or reused passwords that need to be changed. After a weak password is identified, 1Password makes it easy for you to generate a new one. The Strong Password Generator allows you to create strong, unique passwords that fit even the most picky password requirements. You can set a specific password length, and adjust the number of digits and symbols. All you have to do is click to generate, and then save your new password.
The best part is that you don’t have to memorize the password. 1Password will securely store it for you – and even fill it with a single click.
Other steps to secure your account
We know you and your IT department want to keep your data and accounts as safe as possible, and we want to help you achieve that goal. In addition to your Master Password and Secret Key, you can also enable multi-factor authentication for your account, ensuring your 1Password data is for your eyes only.