Leave it Alone
If your password is strong enough, NIST says you shouldn’t worry about changing it often. While changing passwords regularly isn’t a bad thing, many users just make minor or incremental changes. They may just capitalize a different letter or increase the number at the end by one, making it easy for bad guys to guess the change. Of course, if you receive official notice that it’s time to change your password, take the opportunity to create a new, stronger passphrase right away.
NIST also issued recommendations for answering verification questions. Many verification questions ask for easy-to-find information, like your mother’s maiden name or pet’s name. If you are prompted to create security questions, make up answers and record those answers since the true answers may be discoverable through social engineering, social media or other public places.
Here are a few other recommendations:
- Be sure to use a strong password to protect your email account. A bad guy with access to your email can likely reset your passwords and potentially take over just about every other account you have, like banks, credit cards and social media.
- Use a unique password for each site and account you have. Bad guys can capture your password from one account and try to use it to get into other accounts.
- Use a password manager app to help manage passwords, answers to security questions, or other information for your accounts. This will help you keep track of the different user IDs and unique passwords to improve security.
- Don’t share your log-in credentials with anyone – not even friends and family members. Each time you share your ID and password combination, it potentially weakens your security.
A message from your device provider or password manager that your AT&T online account password appeared in a data leak could mean you used the same credentials on a different online account that experienced a data leak. It does not mean AT&T experienced a data leak. However, once a bad guy has your log-in credentials, any accounts accessible with the same credentials are at risk. If you see a message like this related to your AT&T account, or another account, reset the password through the account management tools and settings.
Remembering these password guidelines should mean an easier path to better security by making passwords longer, stronger and more user-friendly.