Passwords – change ’em.
WHY should you occasionally change your password for a website (like online banking)?
Let’s look at it this way…
Do you use that password on other sites?
Is the password less than 10 characters in length?
Has the website recently notified you, or have you recently read about the site/company suffering a security breach?
Now, to explain why you should change them…
If you answered YES to re-using that password on another site: That one is easy. If that other site gets compromised (read: security breach), then whoever broke in now has access to your account on THIS site, and on any others sharing that password.
If you answered YES to it being less than 10 characters… trying to “guess” your password over and over until the guess is right is called “Brute Force”. Think of it as beating it with a hammer until it opens. If it’s 8 characters or less, there’s a known look-up table that hackers can use to quickly, and easily, guess your password. A 10-character password is more secure than an 8-character one. The longer the password, the less likely it is that a hacker can brute-force it.
If you answered YES to being notified, or to reading about the site being involved in a security breach… DO they have your password? Maybe. Want to chance it? If someone yells out your bank PIN to a crowd of people, are you going to keep that number or change it immediately? Same here – be safe and assume that they have your password.
If you answered NO to those questions… great! Change it occasionally. Why and how often? Well, there’s no set rule, but sometimes changing it once a year is good. The reason is that when a site gets breached (and your account info is in the bad guys’ hands), the company may not know about it for days, weeks, or even years.
Equifax was breached and they didn’t know for close to two months. Yahoo was breached (twice), and they didn’t know for two years. Companies don’t always know of a breach while it’s happening or shortly afterward. They often hear about it while they’re reading the same news article you are (no joke). So by changing your password on a regular basis, you’re minimizing any risk associated with a potential breach that could happen in the future. A copy of your credentials is no good to the bad guys if the info is old/wrong.
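
The three questions above, plus the once-a-year change, can be run as a check over a list of saved logins. This is an added example, not part of the original post: the site names, passwords, dates and breached-site list are constructed sample data, and audit() is a hypothetical helper.

```python
import hashlib
from collections import defaultdict
from datetime import date

MIN_LENGTH = 10      # the post's length threshold
MAX_AGE_DAYS = 365   # the post's "once a year" suggestion

# Constructed sample data: (site, password, date last changed).
VAULT = [
    ("bank.example", "Tr0ub4dor", date(2023, 1, 10)),
    ("mail.example", "correct-horse-battery", date(2024, 11, 2)),
    ("shop.example", "Tr0ub4dor", date(2024, 12, 20)),
    ("forum.example", "x9!Lm#2pQw7z", date(2022, 6, 1)),
]
BREACHED_SITES = {"shop.example"}  # constructed: sites with a reported breach


def audit(vault, breached_sites, today):
    """Hypothetical helper: return {site: sorted reasons to change its password}."""
    # Group sites by password digest so reuse is found without echoing passwords.
    by_digest = defaultdict(list)
    for site, password, _ in vault:
        by_digest[hashlib.sha256(password.encode()).hexdigest()].append(site)

    findings = {}
    for site, password, changed in vault:
        reasons = set()
        shared = by_digest[hashlib.sha256(password.encode()).hexdigest()]
        if len(shared) > 1:
            reasons.add("reused")
            # A breach at any site sharing this password exposes this one too.
            if breached_sites & set(shared):
                reasons.add("breach-exposed")
        if len(password) < MIN_LENGTH:
            reasons.add("short")
        if site in breached_sites:
            reasons.add("breach-exposed")
        if (today - changed).days > MAX_AGE_DAYS:
            reasons.add("stale")
        if reasons:
            findings[site] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for site, why in audit(VAULT, BREACHED_SITES, date(2025, 1, 15)).items():
        print(f"{site}: change password ({', '.join(why)})")
```

Note that bank.example is flagged as breach-exposed even though only shop.example was breached, because the two share a password.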