Passwords are something we regularly discuss here at Spectra Networks. We advise our clients to use strong passwords and password managers to help create secure passwords and store them for use later. One question we’re often asked after advising about the best practices of password management is how often and when a password should be changed. While there are factors to consider regarding the frequency of changing passwords, it is important to note that many experts believe every three to four months may be best. In contrast, others have a list of circumstances of when changing passwords is critical.
How Often Should Passwords Be Changed?
Experts at McAfee believe that changing passwords every three or four months is a good practice to get into. However, other cyber security experts suggest quarterly may be too often, especially when strong passwords are already in use and a password manager is storing all the data for those credentials. (Pim.com) It all depends on your unique circumstances and business needs. The graphic above from PC Mag online shows on average how often users are changing their passwords. Where do you fit into this graph? If you are among the 26% who do not regularly change passwords, please continue reading for times when you should change the passwords at your workplace.
Circumstances When Passwords Should Be Changed Immediately
Most security experts can agree on one thing - that there are certain special circumstances that warrant an immediate change of passwords. Here are some examples that may impact your business.
Employee Termination
If employees who had access to your password manager, accounts, and files have been terminated from the company, now is a good time to do a security check-up and change the passwords to all the accounts that those employees had access to.
After an Account Hack
If you have found that friends are getting weird emails from you, a work account has been flagged as vulnerable, or you just seem to notice oddities in the usage of your accounts, you may have been hacked. Even before an internal audit by your IT department, start changing those passwords to stop the hacker from continuing to have access to your accounts.
After the Discovery of Malware
If your IT department or security software detects malware on your system, now is the time to switch your passwords; otherwise, your business or personal data could be at risk. For this reason, it’s good practice to update your software whenever possible so that you have the latest version of antivirus and antimalware installed on your computer.
After Using an Unsecure Network
In our last blog, we discussed the dangers of using free public Wi-Fi, as these networks are often not secure and don’t always use encryption. After you have logged in at an airport or hotel during a business trip, you may want to change your passwords in case any of those super convenient free hotspots had malicious hackers lurking around.
Need help with password security and when to update your passwords? Talk to our team about conducting a security check-up and maintaining your business data safely.