Most of us have heard by now that you should have a different password for each of the services you use (e.g., Facebook, Gmail, LinkedIn), and that a good password will include a mix of numbers, letters and special characters. It’s your first line of defense against online attackers, and will protect you from the majority of brute force attacks against your system. However, an equally important, and oft-overlooked, safeguard is ensuring that we regularly change our passwords for those services.
As we have seen in the news earlier this year, even massive social media platforms such as MySpace and LinkedIn can be compromised and the data released by hackers, including users’ personal information that dates back as far as 2012. Big companies make for big targets for hackers, and we must be as vigilant in protecting our online information as we might be with our physical valuables.
We bring these leaks up specifically because, as is often the case with major breaches of this type, the data that was released was tested by security analysts to confirm its validity (among other things). Reports of their findings, including commonly used passwords, were then made available on the Internet.
The most shocking thing found in these reports is that a lot of the info that was leaked was still valid; in other words, some users haven’t updated their passwords since at least 2012. Information obtained years ago could still be used to log into people’s accounts. Imagine, if you will, finding a missing credit card from four years ago and, upon walking into a store, realizing the owner still hadn’t cancelled it. Now imagine finding thousands of these credit cards all at once.
Clearly, this stresses the importance of regularly changing your password. The strongest password in the world won’t do you much good if it’s never changed. As a general rule, you should update your passwords every 90 days (if possible). It is also important that you don’t reuse old passwords, even if they were for different services. In the case of a data breach, even those old passwords could be released to the public, at which point they are essentially compromised.
Password security is the first step to take in being responsible for your own online security. Always be sure to use complex passwords and, of course, never reuse old passwords.