Don't Change Your Password

January 2017 — Tip of the Month

A lot of security "experts" say you should change your password every few months. I disagree.

What they don't take into account is how many passwords you end up using over the course of several years. Not only do all these passwords make logins more difficult to remember, it actually makes your accounts less secure. This is because most people don't change all their passwords at once, leaving old passwords for some accounts and the new ones for others. The result is more passwords to keep track of and more passwords that can get compromised.

I think a more secure approach is to choose a few very secure passwords and don't share them with anyone.

One of my first monthly tips – way back in 2010 – was how to manage multiple logins. I said it was good to have three primary passwords and I still think it's a good idea.

1. One password for fun or recreational accounts that don't contain financial information.
2. Another more secure password for accounts that contain financial data or other highly sensitive information.
3. Another completely different password for your primary email address. If a hacker gets control of your primary email account, he or she may be able to gain access to several of your other accounts.

If you are using insecure passwords for any of your accounts, this monthly tip doesn't apply to you. I think you should change your password(s) to something more secure (ideally with some capital letters, numbers, and special characters). However, if you are using secure passwords, I don't see any reason why you should change them.

- Per Christensson