There’s a certain irony in finding out that over 272 million email credentials were compromised (and put up for sale) by a Russian hacker so soon after World Password Day on May 5th. And that’s just what happened. The timing is fortuitous, I think, because it’s easy to pooh-pooh the advice to change our passwords, or to think we’ll get around to it later…and we don’t.
Consumers are lazy about their passwords!
A 2015 study discovered just how lax we are about our passwords:
- 73% of online accounts use duplicated passwords
- 54% of consumers use five or fewer passwords across their entire online life
- 22% use three or fewer
- 47% of consumers rely on a password that hasn’t been changed for five years
All of this despite the fact that 40% of these same consumers had experienced a security incident of some kind in the year prior.
There’s such a thing as changing your password too often
Changing passwords too often, on the other hand, can lead to simplistic passwords that are easy to guess. You might run into this common situation with software you use for work or school: every three months or so, the system forces you to change your password. This forced frequency has been shown to lead to lazy passwords, with consumers changing only one digit, which is easy for hackers to figure out.
The key is to find the balance between changing your passwords often enough to protect yourself but not so often that you’re defaulting to common passwords like 12345.
Changing your password doesn’t have to be a monthly thing. Some experts say changing passwords every 6 to 12 months is frequent enough (and saves you from the possibility of re-using or only slightly altering passwords if you are changing them more frequently).
Change your passwords once a year
That’s why World Password Day is such a good idea (and why maybe some of that software forcing password changes should be altered to “take a chill pill,” as my teen would say). World Password Day is that one day of the year when you can change all of your passwords and know it’s done and that you won’t have to do it again for another 364 days.
Use different passwords!
It’s imperative that you use different passwords for each account. This can’t be stressed enough.
One of the most common (and dangerous) mistakes committed by consumers is using the same password across multiple accounts. If hacked, it can cause a “domino effect,” allowing all accounts with the same password to be breached.
When we use the same password repeatedly across different accounts, we are setting ourselves up to become victims of the domino effect, whereby a hacker can gain access to multiple accounts after compromising just one.
Also, significantly change your password. If you go from thisismypassword1 to thisismypassword2, that’s easy for a hacker to figure out.
Advice for easier password changes
To easily change your passwords in an effective way, follow the advice of the author of Perfect Passwords, Mark Burnett. Burnett says to use parts for your passwords, such as words and numbers that are written out. Then you can easily change a password by changing one part. For example, I might use the password myhorsesnameisalvin, and then change it to myhorsesnameischase.
For more advice, you can get tips for stronger passwords (and even your choice of a pep talk by none other than Betty White) at PasswordDay.org, where multi-factor authentication is the name of the game.
But whatever you do, change your passwords every May, and make the changes significant. You’ll have a little bit of hassle once per year, but you’ll gain invaluable peace of mind!