When Should You Change your Password?

August 2, 2016 12:36 pm

How often does your company change passwords? Once a month, twice a year? Never? The debate over how often to change passwords rages in the tech community. Some tech experts support regular password changes to keep hackers out and to stop attackers from repeatedly gaining access to your business files and servers, while other experts take the position that password changes don’t necessarily help stop cyber attacks and, in fact, may place an undue burden on businesses. Let’s take a closer look at the two sides of this debate so that you can evaluate what might be best for your company.

The Theory Behind Regular Password Changes

Regular password changes are theoretically a good idea because they ensure someone can’t acquire your password and use it to snoop on you over an extended period of time. For example, if a hacker were to gain access to your business accounts that may contain private information, credit card numbers or bank accounts, that person could revisit your files and gather more and more confidential information, possibly without you even knowing it! If a password has been compromised, changing it every so often can potentially cut off access for bad guys who may have figured it out.

‘Changing Passwords Regularly Doesn’t Help’ Theory

According to the Federal Trade Commission’s chief technologist, Lorrie Cranor, the strategy of changing passwords has some major holes. First of all, forcing employees to keep changing their passwords can result in workers coming up with, well, bad passwords. If your password is not compromised, you don’t benefit by selecting another uncompromised password; you just inconvenience yourself. If human beings had infinite time and perfect memory, regular password changes would be a fine idea. In reality, changing passwords imposes a burden on people. It’s already basically impossible to choose strong, unique passwords for every website and remember them.

According to How-To Geek, if an attacker gains access to your accounts, they’ll most likely use their access to cause damage right away. If they gain access to your online banking account, they’ll log in and attempt to transfer money out rather than sit and wait. If they gain access to an online shopping account, they’ll log in and attempt to order products with your saved credit card information. If they gain access to your email, they’ll likely use it for spam and phishing, or attempt to reset passwords on other sites with it. If they gain access to your Facebook account, they’ll probably attempt to spam or defraud your friends immediately.

Ask your tech professional or call M&H Consulting to discuss your business safety needs. We can create a comprehensive security protocol that can include your passwords and backup strategies in the case of a cyber attack.
