Quotes Icon

Andrew M.

Andrew M.

운영 부사장

"저희 비영리 단체는 TeamPassword를 사용하고 있으며, 우리의 요구에 잘 맞고 있습니다."

가입하기!

Table Of Contents

    Hacker stealing your password

    How Often Should You Change Your Password | Tips to Stay Secure

    August 4, 202311 min read

    Cybersecurity

    While there is no hard and fast rule, experts agree that it is best practice to change your passwords every 90 days. Yup, every 90. If the very thought of going through each and every one of your 127 passwords and updating them every 90 days makes you want to click off this article - don’t. 

    With a little knowledge, this tedious task can be made easier and safer. We’ll also share why it’s an essential part of securing your accounts and that it's:

    1. Worth your time, and
    2. Not as overwhelming as it seems if you’re using the right tools

    Aside from learning to spot social engineering attacks, regularly changing your passwords is one of the easiest actions you can take to minimize the probability of being hacked. 

    Table of Contents

      Why Should I Change My Password? 

      Does changing my password really make a difference? 

      Statistics from 2019 found that over 1 million passwords are stolen every week, and that number has only increased during the pandemic. Today, there are over 24 billion username and password combinations available on the dark web

      Changing your passwords absolutely makes a difference in keeping your accounts safe, provided they’re strong. Some stolen passwords are exploited right away, but others are leveraged months later. Changing your password could foil months of a cybercriminal’s work, which may lead to them focusing their attention on lower-hanging fruit.

      Are my accounts more secure the more I change my password?

      Yes, and no. Provided you are using randomly generated or unique passwords of 12+ characters with symbols and numbers, then updating your most valuable accounts frequently absolutely keeps your accounts more secure. 

      Frequent, scheduled password changes are only an issue when the task is thrust upon an uneducated employee who hasn’t been given the right tools for the job.

      Most software solutions that mandate frequent password changes are rendered virtually useless by not giving the user the proper tools. People feel annoyed at being forced to change and memorize a new password, and often game the system, first adding a 1, then a !, then a 2 etc. I was certainly guilty of this at past jobs. 

      Requiring people to change their passwords without providing a password manager (more on this below) irritates people and does little to bolster your company’s security.

      Cybersecurity exists on a spectrum: convenient and frictionless on one end, and security on the other. In a perfect world you would change your password every day, but the cost/benefit analysis buckles when you realize that a program like TeamViewer can get hacked, rendering a simple security measure such as a password useless. 

      Ultimately, a combination of new, complex passwords and a second authentication factor is the best we can do. 

      If your systems require the best available security, look into hardware keys such as Yubico, Google Titan, and Thetis. 

      Special Occurrences That Should Prompt a Password Change

      In the realm of cybersecurity, certain events or circumstances necessitate an immediate password change to maintain the integrity of your accounts and sensitive information. Here are some scenarios that should prompt you to update your passwords:

      1. Known Password Breach

      If a service or platform you use has experienced a data breach, especially one involving user passwords, you should change your password for that account immediately. Breached passwords can be exposed to hackers, who might attempt to use them across multiple platforms.

      2. Reused Passwords Across Accounts

      If you've been using the same password for multiple accounts and one of those accounts becomes compromised, it's essential to change the password for all other accounts using the same credential. Cybercriminals often try credentials obtained from one breach on various platforms.

      3. Sharing Passwords with Others

      If you've shared a password with someone and their access is no longer necessary, change the password. Even if you trust the person, their device might be compromised or stolen, potentially leading to unauthorized access.

      4. Employee Departure or Role Changes

      In a business context, when an employee leaves the organization or changes roles, change their account passwords immediately. This prevents former employees from accessing sensitive data and systems, reducing the risk of insider threats.

      5. Suspicious Account Activity

      If you notice unfamiliar activity in your account, such as unauthorized logins, emails you didn't send, or changes to your account settings, it's a strong indication of a potential compromise. Change your password and review your account security settings.

      6. No Longer Using an Account

      If you've stopped using an account or service, it's best practice to change the password and then deactivate or delete the account altogether. Dormant accounts can be targeted by attackers, and maintaining unnecessary accounts increases your risk exposure.

      7. Loss or Theft of Device

      If you've lost a device (such as a smartphone or laptop) or it's been stolen, change the passwords for all accounts accessible from that device. This prevents unauthorized access by whoever gains possession of the device.

      8. Updated Security Practices by the Service Provider

      If the service provider or platform you use announces security improvements, such as implementing stronger encryption or enhanced authentication methods, consider changing your password to align with these enhanced security measures.

      9. Phishing or Social Engineering Attacks

      If you suspect that you've fallen victim to a phishing attack or have inadvertently shared your password through social engineering tactics, change your password immediately to prevent unauthorized access.

      How to change your passwords

      The most common reason people cite for not wanting to change passwords is the time required. It’s a manual process, and right now, there’s no way around that. But if you're not using a password manager, your vision of what the process looks like may be needlessly convoluted.

      The unknown can be scary.

      undefined

      With a password manager, updating passwords is as simple as: 

      • Navigate to the “change password” page of your account settings 
      • Click your browser extension. The extension will most likely have pulled up the appropriate record, but if not simply search for it 
      • Click “edit” in your password manager on the account you’re updating
      • Use the Password Generator to create a new, strong password
      • Save the password in your manager and on your account

      Change your passwords with a movie or music in the background! There’s no reason it has to be all boring.  

      How to make strong passwords

      If the account you’re using allows for symbols, then generating a long, random string of symbols, digits, and letters is the easiest and safest option. 

      If you need to remember the password, try creating a passphrase. Passphrases are strings of words, with a few symbol and number substitutions, that are easy to remember but hard to guess. Part of the reason passphrases are effective is that when it comes to password strength, longer is better. Don’t use song lyrics, lines from poems, or anything that can be found in a Google search. 

      What are bad passwords?

      Every year, a few websites take the time to bemoan the state of password management by compiling the worst passwords of the year. The list typically looks much the same. These passwords can be cracked in less than a second by modern software, yet continue to be widely used. 

      Avoiding bad passwords is mostly common sense. If you use a password generator or take the time to create a 14+ character passphrase, you’re probably good. The key is to avoid patterns and personal information. 

      If someone is choosing to target you, they will scour the internet and social media for personal information. Pet’s names, birthdays, your first car…it’s hard to remember everything you’ve ever said on the internet. We recommend avoiding such personal information when building your password.

      Here are a few that always make the worst passwords list:

      • 123456
      • 123456789
      • qwerty
      • password
      • 12345
      • 12345678
      • 111111
      • 1234567
      • 123123
      • qwerty123

      What is a password manager?

      So far, I’ve asseverated that a password manager is a critical tool in your mission for effective password hygiene. But what is its purpose?

      In its most basic form, a password manager is a single vault that stores unique passwords for all your accounts. The benefit is that you only need to remember one master password to access the vault. 

      A good vault such as TeamPassword uses Client-Side Encryption, which means that even TeamPassword employees, or anyone with access to TeamPassword’s database, cannot see your passwords. They also feature AES 256-bit encryption and security accreditations such as ISO 27001, SOC 1 and SOC 2, SSAE 16 and ISAE 3402.

      The best vaults allow users to share passwords with team members - be they friends, family, or colleagues. With organizational tools like groups and different user settings, you can control who sees what without exposing your data. 

      Should I let my browser save my passwords?

      While Chrome is working to make its password manager more secure, it does not provide enterprise level security or secure sharing. 

      Chrome is designed to be the most convenient browser on the market, and it succeeds. But if your Google account is breached, your passwords will be revealed. Most of us sync our Chrome profiles so that we can access bookmarks from anywhere. This works against us if one of our devices is stolen.

      I won’t claim that a real password manager is as convenient as letting your browser handle everything. As I said above, cybersecurity is often a tradeoff between easy and secure. However, if you need to share passwords with team members or family, then Chrome is definitely not the appropriate tool. A dedicated password manager built for sharing is both easier to use and safer. 

      Here's a guide on disabling your Chrome password manager. 

      How does a password manager work? 

      Let’s start with what a password manager is not. 

      • Not a magical tool that automatically updates all your account passwords without you lifting a finger. 
      • Does not guarantee that you’ll never be locked out of an account again - you could accidentally save different passwords between your password manager and the account you’re trying to manage. 
      • Does not replace account settings or have administrative control over your accounts. That is, just changing your Instagram password in your password manager does not actually change your Instagram password. You still need to go to your Instagram account settings and make the change there. 

      What does it do?

      By storing your sensitive credentials in a host-proof and locally encrypted vault, a password manager stores complex passwords for all your accounts while only requiring you to remember the master password that accesses your vault. Team plans let you safely share account credentials with your team without the credentials leaving an encrypted environment.

      Is TeamPassword a good password manager?

      TeamPassword is one of the best - especially for sharing passwords on teams.

      TeamPassword exists so teams can effortlessly access the credentials they need…and only the credentials they need. Here are a few of the features that make this possible:

      • Unlimited number of completely customizable groups such as Marketing, HR, and Billing
      • Records can be part of multiple groups
      • Admins grant or revoke access to each group with the click of a button

      TeamPassword is designed so that your team will actually use it. The interface is simple and only shows you what you need. We integrate with Google SSO for seamless login into your vault. 

      undefined

      We offer a mobile app and extension so your records are accessible everywhere, all the time.

      If you’re looking for an affordable, easy-breezy to set-up password manager for your team, please sign up for our free trial and let us know what you think.  

      패스워드 보안을 향상시킵니다

      패스워드를 올바르게 생성하고 관리하기에 가장 적합한 소프트웨어

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      관련 게시물
      Why Do Hackers Want Your Email Address?

      Cybersecurity

      November 21, 202413 min read

      What Can Hackers Do with your Email Address?

      Email is used for password resets, 2FA authorization, and other identity verification. Learn how hackers exploit yours and ...

      Employees standing around computer discussing code

      Cybersecurity

      November 15, 202410 min read

      Creating a Company Culture for Security | 5 Actionable Insights

      Security is both a technical and cultural issue. Employees who value and promote security will prevent cyberattacks, protect ...

      username and password in green lettering

      Cybersecurity

      November 14, 202413 min read

      What Is Password Management? [Complete Guide]

      What is password management? Learn how to effectively manage your passwords with these best practices, tools, and more. ...

      업데이트를 놓치지 마세요!

      이와 같은 게시물을 더 읽고 싶다면, 블로그를 구독하세요.

      Promotional image