Your password is one of the most basic tools you have to keep other people's paws off your data, but the longer you have it, the higher the odds are that cyber criminals will figure it out and abuse it. So why do you pooh-pooh the constant advice to change it regularly? Why take that kind of unnecessary risk?
1. Other tasks seem more important in the moment.
Swapping your password takes just a minute or two, but in the rush of the day, we often prioritize tasks based on the emotional sense of urgency we assign to them. We don't want to deal with something that might happen when there are a hundred other things we know will happen. The fact we constantly have other people pinging us or popping into our cubicles socially reinforces the idea that we have to get to other tasks first.
2. You're stressed and don't trust your memory.
Most modern systems are set up so the password you pick has to be something at least semi-complex. You have to have a certain number of characters, for example, or you have to make sure there's an uppercase letter. In part because of those requirements, there's always a slight fear that, if we don't write the password down, we'll forget it and have to go through the password recovery process. (Ain't nobody got time for that!) Since we've already got enough pushing our anxiety buttons, we stick with what we already know to eliminate a potential additional stressor.
3. You feel like a big shot.
You know how after a fire or other disaster, there's usually one of the victims saying "You never think it will happen to you"? Well, people have that mentality about hacking and cybertheft, too. Until you've been a victim, you cling to the idea that you're invincible and on top of the totem pole, because it threatens your sense of status and self to think you're not.
4. Distractions are everywhere.
Why spend your free two minutes changing your password when Facebook is so shiny? Or when you could gossip or shake the vending machine for a KitKat? Those little rewards feel amazing, flooding your brain with doses of hormones like dopamine. Changing your password is plain boring compared to the alternatives.
5. It's inconvenient.
Even if you're not all that stressed out, depending on the system involved, you might have to ask for help (e.g., call your helpdesk, start an online chat) to get the password reset. And in today's culture where most people demand a response to texts, emails and other communications ridiculously fast, you might have little tolerance for the wait involved.
When and how should you change your password?
All this said, a typical recommendation is to change your password every three to six months. But you might want to take this with a grain of salt, depending on your circumstances and needs. Lorrie Cranor, Chief Technologist with the Federal Trade Commission, asserts that changing your password too often actually can do more harm than good in some cases, and that mandated password changes probably aren't right for everybody.
When you finally do make a switch, use these tips:
- Avoid simple transformations, such as changing a single digit or character (e.g., S to $).
- Avoid new passwords that are similar to or related to the old one in concept or idea. Start fresh!
- Keep dates, including the year of the change or your birthday, out of the password.
- Make the password unique to the account (don't recycle one you already use).
- Strive for length to make the password stronger. Even one more character can make a big difference. Password management apps can help you keep track of longer passwords regardless of how many of them you have, ensuring you don't sacrifice security for easy recall.
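The tips above can be enforced at the moment of change, for instance inside a password manager that already holds your other passwords. The sketch below is an added example, not part of the original article: the look-alike table, the 12-character minimum, and all function names are assumptions, and "similar in concept" is only approximated by edit distance.

```python
import re

# Look-alike substitutions to undo before comparing (the article's example is S -> $).
# This table is an assumption, not an exhaustive list.
LEET = str.maketrans({"$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

def normalize(pw):
    """Lower-case and undo look-alike swaps so 'Pa$$word' compares equal to 'password'."""
    return pw.lower().translate(LEET)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def review_new_password(old, new, used_elsewhere=(), personal_dates=(), min_len=12):
    """Return the list of tips the new password breaks; an empty list means it passes."""
    problems = []
    # Tip 1: after undoing look-alikes, a change of one or two characters is not a change.
    if edit_distance(normalize(old), normalize(new)) <= 2:
        problems.append("transform")
    # Tip 3: any 19xx/20xx year, or a caller-supplied date fragment such as "0704".
    if re.search(r"(19|20)\d\d", new) or any(d in new for d in personal_dates):
        problems.append("date")
    # Tip 4: must not already protect another account.
    if new in used_elsewhere:
        problems.append("reused")
    # Tip 5: length; the threshold of 12 is an assumed default.
    if len(new) < min_len:
        problems.append("short")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    print(review_new_password("Sunshine7!", "$unshine8!"))
    print(review_new_password("Sunshine7!", "plum-ferry-orbit-candle"))
```
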
With these guidelines in mind, be proactive. You can't guarantee a hacker never will get through, given how fast tech moves, but you can at least make sure psychology isn't what leaves you out to dry.