


When it comes to security, complicated isn’t always better. There are many people out there who want you to believe that strong security means buying lots of expensive software, following complex rules, and conducting endless research on today’s latest threats. If you’re a nation state, that may very well be the case.

But for average people like you and me, doing the basics well can make all the difference. Use strong passwords, store them in a password manager, and turn on multi-factor authentication everywhere you can. These basic steps alone will help most people keep their accounts safe.

That’s why, when I recently came across this article with more bad security advice, I had to set the record straight.

The BBB says: Change your passwords every month

Written by the Better Business Bureau (BBB), the article recommends you change your passwords monthly. In the article, they go on to list more standard advice: make passwords long, use multi-factor authentication, make security questions random. Great! I’m not arguing with this advice – everyone should follow these tips.

But do you really need to change your passwords every month? In my opinion, no, and here’s why.

Frequent password changes make things worse

For years, security professionals recommended changing passwords every 30, 60, or 90 days. In offices worldwide, IT policies forced employees to regularly change their password. The result? Password security is in a terrible state. Employees have too many passwords to remember. Corporate policies are too strict, so employees write them down, make them as memorable as possible. People skirt the rules, so they can keep doing their jobs with minimal disruption. Whether at work or at home, we tend to display the same bad password behaviors everywhere.

NIST no longer recommends frequent password changes

Last year, the National Institute of Standards and Technology (NIST) published new recommendations in their “Digital Identity Guidelines”. The recommendations include decreasing both password complexity and the volume of forced password changes. If NIST themselves are recommending against frequent password changes and admit that draconian password measures don’t improve security, then I think we should all consider their advice.

Also, if you’re like me and have over 300 accounts to keep track of, changing them every month just isn’t realistic.
