Passwords – How often should you really change them?


Subscribe To Our Blog

For as long back as I can remember, I’ve always been told to change my passwords often, don’t use the same password for multiple accounts, make them complex, don’t use a variation of the word “password” and don’t write them down where someone can find them. Sounds like good advice, right? But some people don’t take this advice seriously – but why?

  • It’s not a high priority – If you have never experienced being hacked, other tasks seem more important in the moment. Even though it’s a quick process, we don’t want to deal with something that might happen when there are a hundred other things we know will
  • You won’t remember it if you change it right now or you draw a complete blank on what to use. You must have a certain number of characters, upper case, lower case, a number, etc. and trying to remember a new password when you aren’t in the right frame of mind can be tough (remember we aren’t supposed to write them down).

But how often should you really be changing your password?

Sometimes you don’t have a choice. Mandated password changes were originally designed so that unauthorized users who learned another user’s password would be locked out once a password change was made. But, according to the Federal Trade Commission, changing your passwords too often can actually cause more harm than good.

Changing your passwords every three months or less can actually lead users to make only minimal changes to their passwords and they start to use detectable patterns or “transformations,” such as incrementing a number, changing a letter to similar-looking symbol (for example changing an S to a $), or switching the order of digits or special characters  amongst others.  Pushing people to do frequent and mandated updates to their passwords often causes users to create detectable passwords instead.

Tips for creating new passwords:

  • Avoid simple transformations,
  • Avoid new passwords that are similar to or related to the old one. Start fresh!
  • Keep dates (including the year of the change or your birthday) out of the password – I know it’s tempting!
  • Make the password unique to the account (don’t recycle ones you have already used).

Strive for length to make the password stronger. Even one more character can make a big difference. Password management apps can help you keep track of longer passwords regardless of how many of them you have, ensuring you don’t sacrifice security for easy recall. Tools such as these will also generate complex passwords, remember them for you, prompt you when it’s time to change, and even assess the vulnerability of current ones.

In the end, the best protection you have is yourself.  You need to monitor you accounts, check your credit report, and keep an eye out for fraudulent activity.   Simply put, unique and hard to replicate is the name of the game when it comes to passwords!







Mickie-Ann Budny
Litchfield Branch Manager, Vice President
NMLS MLO ID: 698742