Skip to main content

Frequent Password Changes May Compromise Security

By August 18, 2016May 25th, 2021Blog, Cybersecurity

FrequentXPasswordXChangesXMayXCompromiseXSecurityBy now, it’s a familiar story. Conventional wisdom holds that you want to use a different password on every site or service you log into and that you want to change your passwords regularly, in order to maximize security. What if conventional wisdom isn’t true though? There’s a growing body of evidence that it isn’t.

Sometimes there can be too much of a good thing. True, you definitely want to break the habit of using the same password across multiple accounts, but where changing your password is concerned, changing it too often can actually work against you.

A growing number of surveys indicate that there’s a direct correlation between password strength and the frequency with which the password must be changed. There’s a lot to this, but in summary, it looks like this:

If you’re requiring your employees to change their passwords on multiple systems every 30 or 60 days, those employees aren’t going to invest a lot of time and effort into coming up with truly secure passwords. The reason? It’s annoying, and they feel as though every time they turn around, they’re having to come up with one (or more) new passwords.

The frequency leads to frustration, and the frustration leads to lax passwords that are easily guessed at or brute forced. Anything over the 60-day mark seems to have positive benefits to overall digital security, and anything under has a negative impact.

With this information in mind, now is an excellent time to review all the password protected systems you have in place at your company, and come to an understanding of how frequently the users of those systems are having to change their passwords. Simply making an adjustment to the reset frequency could see you with a net gain in overall security, with no additional investment required. That’s win-win.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.