chrishoffman at April 25th, 2014 06:40 — #1
Originally published at: http://www.howtogeek.com/187645/htg-explains-should-you-regularly-change-your-passwords/
Yes, there are some situations where you’ll want to regularly change your passwords. But those will probably be the exception rather than the rule. Telling typical computer users they need to regularly change their passwords is a mistake.
ankrotachi10 at April 25th, 2014 08:44 — #2
Good article, but it is KeePass, not KeyPass
fredyferry at April 25th, 2014 08:56 — #3
I use Sticky Password for managing my passwords and I do it regularly.
mugglebornny at April 25th, 2014 09:48 — #4
I don't worry about remembering my passwords. I use Norton's Identity Safe. It's similar to LastPass. Since I don't have to memorize passwords, I can create strong ones. Using strong passwords is just as important as changing them periodically for critical sites. I would encourage others to use an app like LastPass, Identity Safe, or KeePass. It makes life easier.
wilsontp at April 25th, 2014 11:14 — #5
Absolutely. Both KeePass and LastPass have some great features for security, too, including random password generation.
KeePass is great for people who use one computer regularly, or for people who can't or don't trust cloud services. I use it for maintaining a list of credential information for logging in to my various clients' systems; without it, I would have to rely on printing passwords on paper, which is unacceptable.
LastPass, being a browser plugin and a mobile app, is the most convenient way to save and autofill your passwords. It stores data in the cloud, so you can access it from any machine (I use 5 computers on a regular basis.)
If you log in to more than 2 or 3 web sites regularly, use a password manager. I can't recommend that strongly enough.
geek at April 25th, 2014 17:00 — #6
I've switched from LastPass over to 1Password, which is aimed more at Mac users. It's not cheap, but it has a great interface... and my password files are not synced over a third-party cloud service. (there are many options for syncing).
cybereality at April 25th, 2014 19:28 — #7
I just started using LastPass, and it's changed my life. OK, not really. But it does make me feel safer having crazy long passwords that no one can guess. Plus, it makes it easy to have a different password on every site. Recommended.
ishmael_s at April 26th, 2014 08:51 — #8
While there is no denying that strong passwords are a necessity in some circumstances, we seem to have returned to the "buy a computer so I can balance my checkbook" mentality. First of all, nobody wants 99.9 percent of the crap that's on most personal computers. Second, after you log into dozens of accounts with your Google or Facebook i.d., you've given away your privacy along with that of your contacts. Third, but definitely not last, is that with "once use" credit card numbers, PayPal, GooglePay, etc. available, why is it necessary to store and/or transmit so much private information? We have become victims of fear-mongers with alternative motives. There were no cats juggled last year, so far this year there has been 1 case. That projects into 3 cases for 2014. That makes cat juggling the fastest growing crime in America!
No matter how diligently I protect my Social Security Number, it doesn't erase the fact that it was used as my driver's license for 30 years! It's still the same number and I can't change it! To be honest, the people who you should fear the most already have access to everything that goes on line and probably your camera and mike too!
wilsontp at April 27th, 2014 12:19 — #9
What you're saying seems to boil down to "Nobody wants your stuff, so why bother locking it up," right?
And it's entirely incorrect:
People do want what's on your computer's hard drive. People often store all kinds of personal and useful information there.
Your email account may be the most valuable on-line resource you have - especially for scammers and spammers. If they manage to hijack your account, they will use your address list to send spam or malware to everyone you know. Since the messages appear to be coming from you, a trusted source, your friends will open the messages and gladly click on the malware attachment, taking your word that it's a goofy LOLcat image.
Your Facebook and Twitter accounts are just as valuable; my Twitter account (which I use for talking with maybe 5 people) was recently hijacked, and I discovered that it was filled with messages in a foreign language, and the hijacker had followed hundreds of Twitter accounts. While Twitter isn't a thing I do regularly, it is for a lot of people, and it can take a long time to undo the damage that a Twitjacker can cause. (The first thing that happens when your Twitter account starts sending out spam, malware, or political propaganda is that people unfollow you.)
Your credentials for your bank, PayPal and other financial sites are especially critical to keep safe. If someone had unfettered access to my PayPal account, they could wreak financial havoc in my life.
Now do you need to take heavy security measures for every site you visit? It's not like someone is going to hijack my Pizza Hut account and send me a pizza I didn't order; but they may well jack my Amazon account and order $1000 of merch before I can stop them.
So before belittling people for taking security seriously, maybe you should seriously consider the implications of our connected world: it's far too easy to mess with someone's life if you know their passwords.
ishelton2 at April 28th, 2014 00:07 — #10
I don't question the necessity of internet security, I questioned the necessity of paranoia. What was the name of the waitress that walked away from your table with your credit card in her hand? How do you know that your free virus scanner doesn't transmit information from your computer when it updates?
There are still billions of people who conduct business daily without the internet. Everything you put on or send through your computer is your choice. If you didn't put every intimate detail of your life online you wouldn't have to worry so much! If internet security has become a part-time job maybe you've gone too far! I have little doubt that many of the same people you pay to protect you are the very same people who created the threat.
Not everybody needs what you may need. I'll sell you the contents of my son's hard drive for the price of DVDs and postage. Steal my Amazon account and you'll also need to answer my phone and pick up the merchandise from my house. America has become the land of gullible suckers and those who prey upon them, and it will always be that way. Whatever happened to common sense?
tim at April 28th, 2014 20:45 — #11
I can't believe that nobody mentioned the one reason you do want to change your passwords frequently: the time it takes to crack it. If it takes three months to crack it, and you change it every one or two, then you just stopped an attack. And so what if you do append, or pad, your password? By making 10 - 12 character passwords with substitution and even padding at the front or the end with characters, then you have a strong one. Example: P@ssw0rd$$$. And there is another good idea, keeping five or six good passwords and using them in combination. And I always used to advocate writing the password down if you can't remember it, but keep it in your purse or wallet.
michaeltunnell at April 28th, 2014 22:24 — #12
These are terrible suggestions...sorry, they just are.
99% of weak passwords are cracked within mere seconds. Strong passwords should take A LONG time; this is what actually makes them strong. Changing passwords periodically will add extra security but is not really necessary if proper password management is done.
This is not a good idea...character substitution is not actually safe from computers, especially if the brute force software used to break it is any good. The example you gave would be broken in about 15 seconds.
Randomly generated passwords are the best option.
This is not a good thing to tell people either because NO ONE should use any passwords in multiple places. One Password Per Site and that site should be the ONLY site with that password.
This might be ok for people to put their master password in their wallet...though if they lose their wallet or it gets stolen they will have a huge mess on their hands.
The best thing is to make a really strong Master password and then memorize that and only that....if you only need to remember one password then that is fairly easy for anyone to do because it is just one password to access your password manager.
Proper Password Management is actually pretty simple and easy for anyone to do...
- Get a Password Manager: LastPass, KeePass, 1Password, etc.
- Create a VERY strong Master Password, this is the ONLY password you will need to remember so make it strong and make it something you can remember.
- Use the Password Generator Tools in your password manager.
- Make your passwords at least 10 characters, but the more the better within reason; you may have to type them at some point.
- Use a combination of lowercase letters, uppercase letters, symbols (#$%^), and numbers, and use your generator to do this.
- Make a different password for EVERY website.
- If you have multiple accounts on one website, make a new password for EVERY account. (you should NEVER have duplicate passwords)
The password managers will keep track of everything for you, autofill your passwords for you and you don't have to worry about forgetting anything...there is only one password to remember and everything else is done automatically.
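Added example, not part of any post in this thread: a Python sketch of why a substituted and padded dictionary word such as `P@ssw0rd$$$` collapses back to its base word in a password-strength check, next to a generator that follows the rules listed in post #12 (at least 10 characters, all four character classes, drawn at random). The word list, the substitution table, the symbol set and the function names are constructed for illustration.

```python
import secrets
import string

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey"}

# Look-alike substitutions mapped back to the letters they replace.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})

SYMBOLS = "#$%^&*!?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, SYMBOLS)


def base_word(password):
    """Return the common word a password reduces to, or None."""
    lowered = password.lower()
    # Candidate 1: drop digit/symbol padding at both ends, then undo substitutions.
    trimmed = lowered.strip(string.digits + string.punctuation).translate(UNLEET)
    # Candidate 2: undo substitutions first, then keep letters only.
    letters = "".join(c for c in lowered.translate(UNLEET) if c.isalpha())
    for candidate in (trimmed, letters):
        if candidate in COMMON_WORDS:
            return candidate
    return None


def generate(length=16):
    """Random password of >= 10 characters containing all four classes."""
    if length < 10:
        raise ValueError("use at least 10 characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; retrying until every class is
        # present keeps the choice uniform over the compliant passwords.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


if __name__ == "__main__":
    print(base_word("P@ssw0rd$$$"))
    print(generate())
```

A site-side check would run `base_word` against a full breached-password list at password-change time; a password manager's built-in generator does the job of `generate`.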