This is a constant question: Do we often change the passwords we use?
He would normally expect the FBI to provide effective security advice, but a recent tweet has made many security experts wonder if that is the case.
Specifically, the FBI on November 25 sent a tweet-tip to help (supposed) Internet users to stay safe.
“Shopping online at the festive season? Keep your accounts secure, use strong passwords and change them frequently, ”the FBI says.
Shopping online this holiday season? Keep your accounts ax, use strong passwords & change them frequently. #cyber # Blackfriday pic.twitter.com/56a9VmIqxv
- FBI (@FBI) November 25, 2016
Secure accounts with strong passwords is indeed good advice, but the last part of the suggestion caused controversy. Changing passwords frequently is often described as a bad practice because doing so repeatedly can eventually lead to you using easy passwords that can be quickly cracked by hackers.
In addition, it is proven that companies that force their employees to constantly change their passwords are more exposed to attacks for the same reasons: workers end up using simpler passwords that are easier to remember something that is not safer practice.
So security experts challenged the FBI tweets, and Per Thorsheim was one of those who recommended exactly the opposite.
In a statement on the Motherboard, Thorsheim explained that frequent password changes should not be made and that there are other ways to stay safe on the internet.
"I'm amazed and sad to see the FBI continue to give such advice when credible academic surveys, numerous organizations, companies and the US government itself have been reporting for at least half a year now that frequent changing passwords is a bad idea. ”
"Although I don't know which of the FBI has control of their Twitter account, it does seem to be unaware of current best practices."
So how can you protect yourself online without changing passwords often?
The easiest way is to use a password manager that can create and remember complex passwords that are difficult to crack. Of course there are many password managers like LastPass, 1Password, RoboForm etc, but they store the passwords in the cloud.
Our tip: Prefer an offline password manager like him KeePass. Specific Admin it's free and stores your passwords locally using strong encryption.
Additionally, be sure to enable the audit identity δύο παραγόντων σε όποια υπηρεσία διαθέτει το χαρακτηριστικό ασφαλείας και αποφύγετε να χρησιμοποιείτε τα ίδια passwords σε πολλές services.