Over 30% of Consumers Never Change Their Passwords. Are You One of Them?
In an effort to make their point clearer, security experts have been trying to compare passwords to real-life objects for years. There have been many analogies, but perhaps the most interesting one draws parallels between passwords and… underwear.
It sounds a bit absurd, but when you think about it, you'll see that it makes perfect sense. The idea is that you don't show your underwear to strangers, and you certainly don't share it with other people. The same rules, the experts say, should apply to passwords, and we don't think that anyone would be willing to argue with that. The comparison goes further, however, saying that like your underwear, you should change your passwords regularly.
It's a fairly old argument, and PC Mag's editors were probably wondering if people are paying any attention to it. A month ago, they asked 2,500 users how often they change their passwords, and the answers are, to some extent at least, surprising.
A whopping 11% have taken the underwear advice literally and change their passwords every day. 4% of those interviewed change passwords several times a week, and a further 4% do it once a week. 8% swap passwords several times a month, 12% do it once a month, and 27% change them several times a year. 35% of the participants admit that they won't change their passwords unless they're explicitly prompted to do so.
Interestingly enough, one in every ten users is willing to go through the trouble of updating their passwords every day. On the whole, however, not everyone is quite so enthusiastic.
Should you feel ashamed if you don't change your passwords regularly?
As with so many things, it's not a yes-or-no question. There are several different arguments, and they all make a certain amount of sense.
The whole "change your passwords regularly" advice was spawned by the fact that according to many people, if something's on the Internet, sooner or later, it's going to be hacked. The idea is that by the time crooks try to use your compromised password, you will have changed it, and their account takeover attempts will be ineffective.
Other people say, however, that hackers won't hang around. Thanks to automated tools, they argue, an account can be broken into within seconds of compromising the login credentials.
Again, this is true to a certain extent, but let's not forget that millions upon millions of passwords are leaked during large data breaches, and even with all the help, the hackers will still need some time before they can go through all the data. If you happen to change your password at that particular point in time, you might just be in the clear. Surely, this should mean that regularly changing passwords is a good idea. Or maybe it isn't.
Regularly changing passwords is not just a nuisance
We've discussed tactics for creating strong passwords on these pages, and we've also seen that not a whole lot of people are actually bothered. That's because creating and remembering a strong password is hard. And if it's hard to create and memorize one strong password, can you imagine doing it multiple times every few weeks?
The difficulty of creating and memorizing a new string of characters is the problem with regularly changing passwords. It puts way too much stress on the human brain, and most people just don't bother with complex passwords, opting for something plain and simple like "123456" instead. Either that or they just put a "1" at the end of their old password and move on.
Another common practice is to create a list of passwords which you periodically rotate. Even if they're reasonably strong, all these passwords will be recycled at one point in time, meaning that if one of them gets stolen, it will give hackers an opportunity to attack. In other words, you might as well not bother changing them at all.
Changing passwords, then, can not only be frustrating, but it could also make you more vulnerable than you already are. There is a way of making it work – using a password management application like Cyclonis Password Manager and not relying on your brain to create or memorize passwords. With a password generator, every single password you create will be completely random and unique. It will be strong, and it won't be based on the previous one. Best of all, you won't need to remember it because it, along with the rest of your private data, will be saved in your encrypted vault.
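The two habits described above (tacking a "1" onto the old password, and cycling through a fixed list) are both things a password-change form can detect, and the generator is what avoids them. The sketch below is an added example, not code from any product mentioned here; the function names, the minimum edit distance of 4, the PBKDF2 work factor and the sample passwords are all assumptions made for illustration, and it assumes the form asks for the current password so the two can be compared.

```python
import hashlib
import hmac
import secrets
import string

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def remember(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for the password history; plaintext is never stored."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def check_change(current: str, new: str, history, min_distance: int = 4):
    """Return a rejection reason, or None if the new password is acceptable."""
    for salt, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", new.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):
            return "reused from history"
    # Catches "old password plus 1" and similar small tweaks, ignoring case.
    if edit_distance(current.lower(), new.lower()) < min_distance:
        return "too similar to current password"
    return None

def generate(length: int = 20) -> str:
    """Random password from the OS CSPRNG, independent of any earlier one."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    current = "correct-horse-42"  # constructed sample values
    history = [remember("Tr0ub4dor&3xyz"), remember(current)]
    for attempt in (current + "1", "Tr0ub4dor&3xyz", generate()):
        print(repr(attempt), "->", check_change(current, attempt, history) or "accepted")
```

The similarity check only works against the current password, because older ones exist only as salted hashes; that is why the history lookup is a separate, exact-match test.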
To sum up, the "passwords are like underwear" argument is not watertight because while using a piece of underwear more than once might be fine, with passwords, things are quite a bit different.