How Frequently Should You Change Passwords?

We’ve all heard that using the same password across multiple platforms that guard sensitive information is unwise. But even with varied passwords, failing to change them often enough can create security risks.

Network security is often the result of many moving parts, including healthy server infrastructure and strong administrative IT monitoring. But some steps to protecting your data are simpler than you may think at first. Among them is how often you change your password. Despite what you may have been told, in this situation, less can be more. The question remains, then: how frequently should you change passwords? Let’s dive in.

Frequent Changes Create Disruption

At one time, industry standards suggested that passwords for all employees should be cycled every one to three months. At first, this conventional wisdom makes sense. Changing passwords frequently ensures that hackers have fewer opportunities to penetrate accounts protected by a password that is a few years old. But the reality is that adhering to this practice can throw businesses into disarray. Employees may struggle to keep up with their series of passwords and decide instead to cycle through the same few passwords, write them down physically or in digital documents where they are easy to find, or simplify the passwords so they’re easier to remember. This means employees run the risk of accidentally exposing access to their accounts in their attempts to streamline a frustrating process.

Change Passwords According to Actions

Instead of assigning an arbitrary date by which every employee is forced to change their password, prioritize password security education to help employees identify when passwords may be at risk. These times include: when a network security breach is detected or even suspected; when an employee has to access sensitive information on a public computer or network; when there is evidence or the possibility of a virus or malware on an individual computer; when a password is used for any other account; and when it has been over a year since a password was changed. However, even those who are the most vigilant about protecting their passwords may not be able to prevent a data breach single-handedly, which is why it’s crucial to take additional steps to build a stronger password network for your entire company.
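One way to turn these triggers into a check, as an added example that is not part of the original article: the script below audits a constructed password-vault export and event list and reports which accounts need a password change and why. The record format, field names and event names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=365)  # "over a year since a password has been changed"
# Hypothetical event names standing in for the article's situational triggers.
EVENT_TRIGGERS = {"breach_suspected", "public_computer_login", "malware_detected"}

def rotation_reasons(accounts, events, now):
    """Return {account name: [reasons]} for accounts whose password should change."""
    reasons = defaultdict(list)
    key = secrets.token_bytes(32)  # ephemeral key: digests are useless after this run
    by_digest, changed = defaultdict(list), {}
    for acct in accounts:
        changed[acct["name"]] = acct["changed_at"]
        # Group by keyed digest so reuse is found without indexing on plaintext.
        digest = hmac.new(key, acct["password"].encode(), hashlib.sha256).digest()
        by_digest[digest].append(acct["name"])
        if now - acct["changed_at"] > MAX_AGE:
            reasons[acct["name"]].append("older_than_one_year")
    for names in by_digest.values():
        if len(names) > 1:  # same password guards more than one account
            for name in names:
                reasons[name].append("reused")
    for name, event_type, when in events:
        # An event only matters if it happened after the last password change.
        if event_type in EVENT_TRIGGERS and when > changed.get(name, when):
            if event_type not in reasons[name]:
                reasons[name].append(event_type)
    return dict(reasons)

# Constructed sample data (not real accounts or credentials).
NOW = datetime(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    {"name": "email", "password": "Corr3ct-Horse-1", "changed_at": datetime(2024, 3, 1)},
    {"name": "payroll", "password": "Corr3ct-Horse-1", "changed_at": datetime(2024, 4, 15)},
    {"name": "crm", "password": "t4ngerine!Sky", "changed_at": datetime(2023, 1, 10)},
    {"name": "vpn", "password": "Lamp$Orbit-77", "changed_at": datetime(2024, 5, 1)},
    {"name": "wiki", "password": "quiet-Maple_19", "changed_at": datetime(2024, 2, 1)},
]
SAMPLE_EVENTS = [
    ("vpn", "public_computer_login", datetime(2024, 5, 20)),  # after last change
    ("email", "malware_detected", datetime(2024, 2, 10)),     # before last change
    ("wiki", "breach_suspected", datetime(2024, 1, 15)),      # before last change
]

if __name__ == "__main__":
    for name, why in sorted(rotation_reasons(SAMPLE_ACCOUNTS, SAMPLE_EVENTS, NOW).items()):
        print(name, why)
```

Events that predate the last password change are ignored, so an account that was already rotated after an incident is not flagged a second time.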

The Toolkit for Password Health

As mentioned, if a month is too short an interval for changing your password (unless you encounter one of the situations above), a year is too long. But keeping up with password changes is only one tool to help protect your passwords. Other tools and habits we recommend include:

  • Use a password manager such as Splikity, LastPass, or Keeper. These applications help you manage every password on your network and include features such as encryption and multi-factor authentication, which establishes several layers necessary to verify identity.
  • Educate employees on the importance of password complexity and strength, including the necessity of not reusing the same password across multiple accounts.
  • Meet with your IT experts to assess the health of your company’s passwords, including identifying those which may be compromised, weak, or too old.

Knowing when to change passwords may seem like a basic security skill, but it is an imperative one for keeping sensitive data secure and business running smoothly and effectively. TecFac understands the importance of password health, and we have worked with numerous companies to ensure that they are protected from data breaches top-to-bottom. Contact us today to see how you can better keep your business safe.