09 Jun '14

Why Traditional Password Security Tricks are Bogus

“Change your passwords all the time!” We’ve all heard that familiar piece of advice, but how often have you stopped to wonder if it’s actually good advice? Like so many things, it just depends. Many of us work for companies that automate regular password changes for their internal databases, and a main argument against this practice is that frequently changed passwords don’t get memorized; they get written down, even sticky-noted to the why-traditional-password-security-tricks-are-boguscomputer screen. In that case, what’s the point?

Here are three no-hassle tips that make much more sense, which you can incorporate right away into your security regimen.

  1. Ditch the “every 30 to 90 days” schedule as a universal rule for all of your accounts. Instead, categorize your password-protected accounts into financial, retail, computer, social, etc., and decide how often is often enough to be realistic for your sanity within each category.Security expert, Bruce Schneier, comments in his blog that in the case of financial accounts, regularly changing your passwords won’t make a difference in the event that it is hacked. The reasoning is that these hackers aren’t passive; they’ll transfer funds immediately instead of waiting around. For this reason, the emphasis shouldn’t be on how often you change your password, but on how secure those passwords are and how vigilant you are in monitoring your accounts.
  2. Occasionally check the activity on those accounts that log active sessions, i.e., Gmail, Facebook, and Dropbox. These will show you if someone is logging into your accounts. On networking accounts like these, hackers will most likely be passive and can linger for months before making the intrusion known. You want to keep up the habit of monitoring these accounts for unwanted activity.
  3. Use a strong password generator, but take it a step further. Alter the password you’re given just a little and then keep a physical list of all of your passwords somewhere secure. If you must stay digital, Schneier recommends a product called Password Safe.

Security experts have advised mainly vigilance as opposed to blind routine when it comes to protecting your sensitive information and accounts. Be sure to instate unique passwords for each of your accounts (never duplicate a password across two or more accounts), and take advantage of other security options, such as two-factor authentication and unguessable password recovery questions.

By taking all these things into account, and by incorporating these three simple tips, you’ll be leaps and bounds ahead of the majority of folks on the Internet. It’s an advantage you’ll be glad you had on the day a hacker decides to try to make life difficult.


Pinola, Melanie. “How Often Should I Change My Passwords?” (June 3, 2014).

Schneier, Bruce. “Changing Passwords.” (June 3, 2014).

Leave a Reply