Why changing your password regularly is a terrible idea

FORCING people to change passwords frequently probably doesn't do much to stop cyberattackers. Are you listening IT?

Recent research has tended to support the notion that when people are forced to frequently change passwords, they make sloppy ones that are easily broken.

As a UNC study for the Federal Trade Commission concluded that essentially, because we don't use much brainpower in changing them, hackers are able to predict the changes we'll make more easily - which happens more if you ask people to change their passwords with more frequency.

The researchers said:

We believe our study calls into question the continued use of expiration and, in the longer term, provides one more piece of evidence to facilitate a move away from passwords altogether.

Password security expert and author of Perfect Passwords, Mark Burnett, told Wired:

With a strong password, there is little to be gained having to change it every few months.

Six months to a year will result in a better experience for users and allow for stronger passwords.

So there you go, IT. Fewer changes, but better, more original passwords.



How your school performed in NAPLAN over five years

premium_icon How your school performed in NAPLAN over five years

Search your school to find out how it performed.

Tweed’s water supply to run out by September

premium_icon Tweed’s water supply to run out by September

Council takes drastic action as an unprecendented drought grips the Tweed.

Burger chain forced to pay $1.1m owed to staff

premium_icon Burger chain forced to pay $1.1m owed to staff

A fast food chain has been forced to back-pay workers more than $1m.