Passwords: Does changing them frequently make you more secure?

How often do you change your password? Surely some of them are old. In fact, most of us change our passwords only when something forces us to do it.

Typically, this happens if we forget it, or if the service we use requires us to create a new password. Of course, there are services which require new passwords every few months.

Which approach is correct? Using the same password for years, or changing it frequently? Below we will see the advantages and disadvantages of frequent password changes:

It makes you a little safer

Generally speaking, the theory is that frequent change of your password makes your account more secure.

The argument of course applies if you are the intended victim of a leak, and changing the password frequently will prevent someone from continuing to use your account. ...

Does the argument seem right to you? Maybe yes, but it's not as clear as you would expect. Even a momentary breach of your account by an attacker is enough to cause very great damage. So frequent password changes only ensure that you do not go on sharing your account with the attacker.

On the other hand, even assuming that your new passwords are stronger than the previous ones, the practice is of little benefit.

In a paper from Carleton University (PDF), researchers report that attackers who have access to a list of passwords can perform attacks by testing a huge number of passwords in a very short space of time. Weak and medium-strength passwords are at risk.

The document proves mathematically that even frequent changes to strong passwords have failed to hinder attacks, and that the benefit is almost certainly not worth the inconvenience it causes to users.

The same document recommends that system administrators use slow hashing functions like bcrypt. End users are not inconvenienced, and the process makes it harder for attackers to quickly guess a large number of passwords.
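A sketch of the slow-hashing recommendation above, added here and not taken from the paper. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt (a third-party package), and the iteration count and the size of the guess list are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this sketch; tune to your hardware


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Slow, salted hash (PBKDF2 here, standing in for bcrypt). Returns (salt, digest)."""
    salt = salt or os.urandom(16)  # fresh random salt unless one is supplied
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def seconds_per_guess(slow: bool, rounds: int) -> float:
    """Average cost of testing one candidate password against a stolen hash."""
    salt = b"\x00" * 16  # fixed salt, used for timing only
    start = time.perf_counter()
    for i in range(rounds):
        guess = f"guess{i}".encode()
        if slow:
            hashlib.pbkdf2_hmac("sha256", guess, salt, ITERATIONS)
        else:
            hashlib.sha256(salt + guess).digest()  # single fast hash
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", salt, digest))
    fast = seconds_per_guess(slow=False, rounds=20_000)
    slow = seconds_per_guess(slow=True, rounds=3)
    candidates = 1_000_000  # constructed size of a guess list, per account
    print(f"fast hash: {fast * candidates:.1f} s for {candidates:,} guesses")
    print(f"slow hash: {slow * candidates / 3600:.1f} h for {candidates:,} guesses")
```

The user pays the slow cost once per login, while anyone working through a stolen hash list pays it for every guess on every account.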

Your new password may not be safe

I'm sure nobody has to tell you how to create a strong password, but some points bear repeating:

Your password must use a combination of letters, numbers and symbols (special characters).
It should use some uppercase and a few lowercase letters.
It should be longer than 12 characters.

By following the above conditions, you create passwords that are strong but difficult to memorize.

But let's look at the scientific data. In 2010, researchers at the University of North Carolina published a paper entitled "The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis." They studied the history of passwords from old accounts that existed at the university.

The study looked at more than 10,000 old accounts and 51,141 passwords. The researchers performed an offline attack on the hashes and eventually managed to recover 60% of the passwords.

They then used that data set to see if they could find other passwords connected to the same account. The result was amazing. In 17 percent of cases, the next password used for the same account could be found in less than five seconds.

Why? The study concluded that people tend to make very small changes when changing a password. For example, iguru123 can become 1guru123, and newsiguru! could become igurunews!!, and so on.

When do you need to change your password?

If you suspect that someone has accessed your account without your authorization, you should change your password. If you think someone was watching you when you entered your online credentials, you will need to change it too. If you had to "give" your password to someone, you will of course have to change it.

And if you think you are a victim of a phishing fraud, you will need to change your password.

In all cases, you need to make sure that your new password has nothing to do with the old one. Do not use the same central word, and do not place the same special characters in the same positions. Of course, do not try to write your old password backwards.

Remember, you will also need to change your password on all other accounts that use similar passwords. For example, if your Facebook password is iguru1 and your Twitter password is 1iguru, you will need to change both.
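The small variations the study describes and the rules above (no shared central word, no reversal, no special characters in the same positions) can be checked by a service at change time, when the user types both the old and the new password. The following is an added example, not code from the study; the substitution table, the minimum core length and all function names are assumptions.

```python
# Assumed table of common digit/symbol-for-letter swaps (not exhaustive).
LEET = str.maketrans("013457@$", "oieastas")
MIN_CORE = 4  # ignore cores too short to count as a "central word"


def cores(password: str) -> set:
    """Letter-only cores of a password, with and without leet swaps undone."""
    low = password.lower()
    plain = "".join(c for c in low if c.isalpha())
    unleet = "".join(c for c in low.translate(LEET) if c.isalpha())
    return {plain, unleet}


def cores_related(a: str, b: str) -> bool:
    """True if one core contains the other (forwards or reversed) or is a rotation of it."""
    short, long_ = sorted((a, b), key=len)
    if len(short) < MIN_CORE:
        return False
    rotated = len(a) == len(b) and b in a + a
    return short in long_ or short[::-1] in long_ or rotated


def symbol_positions(password: str) -> set:
    """(index, character) pairs for every special character."""
    return {(i, c) for i, c in enumerate(password) if not c.isalnum()}


def change_problems(old: str, new: str) -> list:
    """Reasons the new password is too close to the old one (empty list = acceptable)."""
    problems = []
    if any(cores_related(a, b) for a in cores(old) for b in cores(new)):
        problems.append("same central word")
    if symbol_positions(old) and symbol_positions(old) == symbol_positions(new):
        problems.append("same special characters in the same positions")
    return problems


if __name__ == "__main__":
    # The first three pairs are the article's own examples; the rest are constructed.
    for old, new in [("iguru123", "1guru123"), ("newsiguru!", "igurunews!!"),
                     ("iguru1", "1iguru"), ("password1", "1drowssap"),
                     ("Blue#sky7!", "Pink#car3!"), ("iguru123", "T7#correct-horse-Vq")]:
        print(f"{old!r} -> {new!r}: {change_problems(old, new) or 'ok'}")
```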

But what about the forced reset of passwords?

Is it a good idea for an application or service to force end users to create new passwords? Probably not.

In 2009, the National Institute of Standards and Technology said that regular password changes were "beneficial to reduce the impact of certain password compromises", but were "ineffective in other cases". Like an oracle of the Pythia. Of course users are frustrated by the password changes required every three or so. forced change.

All of the above arguments may sound complicated. Let's summarize them:

Frequent password changes may make users marginally more secure only if the new password is extremely robust.
Forced (frequent) password changes often have a negative result, since users often choose weaker passwords, or variations of old ones.


Written by giorgos
