Update Your Passwords
January 2025 — Tip of the Month
In January 2017, I recommended that you don't change your password. Seven years later, I stand by that advice, as juggling too many passwords is less secure than choosing a few good ones. But it is wise to change your passwords every few years in case one of them is compromised.
The beginning of the year is a great time to choose new passwords since it will help you remember when you last updated them. I updated several passwords last year, and most of my common logins now have a new password. When I log in to a frequently used account, I enter the new password, and when I log in to an account I haven't used for a year or more, I know to enter the old password.
How to Methodically Update Your Passwords
If you decide to update your passwords this year, I recommend using three or four and assigning each to a category of website. Use the least secure password for casual sites like web forums and the most secure password for data-sensitive sites like banks. For example:
- Web forum: M0nkey*52
- E-commerce site: FuzzyM0nkey*52
- Online bank: 1FuzzyM0nkey*52$
Using similar passwords across multiple sites makes them easy to remember. Having a few different ones prevents a data leak from affecting all your logins.
Many sites now require a secure password. But regardless of a website's requirements, all your passwords should:
- be at least 8 characters long
- not be a single word or name
- include letters and numbers
Your most secure password should:
- be at least 12 characters long
- not be a single word or name
- include upper and lowercase letters
- contain numbers and symbols
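The two rule lists above, written as a small checker (an added example, not part of the original tip). Treating a letters-only password as "a single word or name" is an assumption made here, since the tip does not define that test; the function and rule names are illustrative.

```python
import string

def is_single_word(pw):
    # Assumption: a password made only of letters counts as one word or name.
    return pw.isalpha()

def has_letters_and_numbers(pw):
    return any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)

def has_upper_and_lower(pw):
    return any(c.isupper() for c in pw) and any(c.islower() for c in pw)

def has_numbers_and_symbols(pw):
    return any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)

# Rules every password should meet.
BASELINE = [
    ("at least 8 characters", lambda pw: len(pw) >= 8),
    ("not a single word or name", lambda pw: not is_single_word(pw)),
    ("letters and numbers", has_letters_and_numbers),
]

# Rules for the most secure password.
STRONG = [
    ("at least 12 characters", lambda pw: len(pw) >= 12),
    ("not a single word or name", lambda pw: not is_single_word(pw)),
    ("upper and lowercase letters", has_upper_and_lower),
    ("numbers and symbols", has_numbers_and_symbols),
]

def failures(pw, rules):
    """Return the names of the rules that the password does not meet."""
    return [name for name, check in rules if not check(pw)]

def tier(pw):
    """Classify a password against the two rule lists."""
    if not failures(pw, STRONG):
        return "most secure"
    if not failures(pw, BASELINE):
        return "baseline"
    return "rejected"

if __name__ == "__main__":
    # The three example passwords from the tip, plus one constructed weak input.
    for pw in ["M0nkey*52", "FuzzyM0nkey*52", "1FuzzyM0nkey*52$", "monkey"]:
        print(f"{pw!r}: {tier(pw)}; missing for most secure: {failures(pw, STRONG)}")
```

Run against the three examples, the web forum password meets only the baseline list, while both the e-commerce and online bank passwords meet the most secure list.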
Fun fact: the "52" in the passwords above was not random — it's the reverse of 25 for "2025," the year I created the new password. Using a similar convention will help you remember more passwords over time.
But yes, everything else was random. 😎