How Often Should You Change Your Password?

In the not-too-distant past, tech experts insisted that “best practices” for password security included changing passwords fairly often. Some websites and companies required changing passwords every 30-42 days. In fact, Windows Server defaults to 42 days. That means that every month or so employees must create and remember a new password for each account in order to gain access. While this may limit how long a stolen password could be useful to an online attacker, it is mostly seen as a frustration by employees, who must remember yet another new combination of letters, numbers, and special characters.

Now there seems to be a trend toward the idea that changing passwords often causes a loss in productivity with minimal security benefits. The National Institute of Standards and Technology (NIST) cites multiple studies stating that changing passwords every 30 days is counterproductive to the end goal, namely creating secure access to business data, files, websites, and servers. The research has shown that workers often forget the new passwords, change them to something similar, or make silly mistakes such as putting sticky notes on their laptops to remember the newest password. Instead of changing passwords based on a calendar, here are some suggestions for making your passwords more secure, regardless of when you change them.

Does your business need help with security or password management? Call Spectra Networks at 978.219.9752, or visit our website at Spectra Networks to stay on top of your security issues.