Leave it Alone
If your password is strong enough, NIST says you shouldn’t worry about changing it often. While changing passwords regularly isn’t a bad thing, many users just make minor or incremental changes. They may just capitalize a different letter or increase the number at the end by one, making it easy for bad guys to guess the change. Of course, if you receive official notice that it’s time to change your password, take the opportunity to create a new, stronger passphrase right away.
NIST also issued recommendations for answering verification questions. Many verification questions ask for easy-to-find information, like your mother’s maiden name or pet’s name. If you are prompted to create security questions, make up answers and record those answers since the true answers may be discoverable through social engineering, social media or other public places.
Here are a few other recommendations:
- Be sure to use a strong password to protect your email account. A bad guy with access to your email can likely reset your passwords and potentially take over just about every other account you have, like banks, credit cards and social media.
- Use a unique password for each site and account you have. Bad guys can capture your password from one account and try to use it to get into other accounts.
- Use a password manager app to help manage passwords, answers to security questions, or other information for your accounts. This will help you keep track of the different user IDs and unique passwords to improve security.
Remembering these password guidelines should mean an easier path to better security by making passwords longer, stronger and more user-friendly.