Cybersecurity Advent – Day 08

Today’s Cybersecurity tip is: change your passwords

Ideally you’ve chosen and set up a password manager. If not, this part will not be as easy … but it is still necessary. Changing your passwords will also be a time-consuming process, but one that should be ongoing in your life.

As stated previously, the old school of thought was that you should change your password fairly frequently, like every 90 days. New wisdom says only change your password when there’s been evidence of a breach of login information. I’m a little more conservative and don’t see the harm in changing your passwords annually … especially if you’re using a password manager; it will do all the heavy lifting for you! I feel annually strikes a good balance and minimizes data loss in case of a breach.

If you do use a password manager, it can generate a password with any parameters you give it. I recommend 16-20 characters (or more if the site supports it) and a mix of as many different types of characters as possible. If you have the option to not use dictionary or pronounceable words, I suggest you do that too just for an extra layer of security. Again, the point is to have passwords that are ridiculously hard to guess, and let your password manager remember them for you. Try to manually remember iJBblxg6@%Ur95VNj0uz for just one site and now think about how many sites with which you actually have an account. Just don’t forget your master password!

If you’re not using a password manager, then try to stick with memorable passphrases or even just use three random words that you’ll remember. Most sites allow all ASCII characters, even spaces, so round blue bananas would be a valid password and easier to remember than the generated password iJBblxg6@%Ur95VNj0uz. Of course, it likely won’t meet the password requirements of most sites … so you’ll have to mix it up a little and still remember it.
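To make the two options above concrete, here is an added example (not part of the original post) that generates both a 20-character mixed-class password and a three-word passphrase with a cryptographic random source, and estimates how many bits of guessing resistance each has. The function names and the short word list are assumptions made for illustration; a real passphrase list is much larger.

```python
import math
import secrets
import string

# Character classes a password manager typically lets you toggle (94 symbols total).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

# Constructed sample list for the demo only. A real passphrase list is far
# larger; the EFF long word list, for example, has 7,776 words.
WORDS = ["round", "blue", "bananas", "copper", "violin", "harbor", "pencil",
         "meadow", "rocket", "quiet", "lantern", "marble", "orbit", "thistle",
         "walnut", "zephyr"]

def generate_password(length=20):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password if a class is missing, so no position is
        # ever forced to a particular class.
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def generate_passphrase(words=WORDS, count=3, sep=" "):
    """Pick `count` words independently and uniformly from the list."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Upper bound on entropy: `picks` uniform draws from `pool_size` symbols."""
    return picks * math.log2(pool_size)

if __name__ == "__main__":
    print(generate_password(20), f"~{entropy_bits(94, 20):.0f} bits")
    print(generate_passphrase(), f"~{entropy_bits(len(WORDS), 3):.0f} bits (demo list)")
    print(f"three words from a 7,776-word list: ~{entropy_bits(7776, 3):.0f} bits")
```

The estimate only holds when the words are picked by a random source rather than chosen by you; adding a fourth or fifth random word raises the passphrase figure by about 13 bits each with a 7,776-word list.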

Also important, use a different password/passphrase for every site or service with which you have an account (which is very easy to do with a password generator … are you seeing a theme yet?). For example, if your credentials are stolen in a data breach at, hypothetically, and you reused that password everywhere, then the hackers potentially have your login information for every site you visit. Use a different password everywhere (or one master password for your password generator … okay I’ll stop now)!

Now you know how to make a good password, so get out there and do it. In my opinion, you should make a habit of changing your password every year on every site you visit. Put it in your calendar and then just try to break it up over the course of a week or so. Make the effort to visit 5-10 of your sites per day and change your account passwords. It shouldn’t take more than 15 minutes to go through that many sites, so you won’t spend more than a couple hours over the course of one week per year. That’s a pretty small investment to help keep your digital data secure.

See you tomorrow!