How Often Should I Change My Password?

Category: Security

A password is like a combination lock on your computer, Internet connection, or an online account such as Facebook or a financial institution. Depending on how careful you are in keeping the password secret, it should prevent unauthorized access indefinitely. But that's not how the real world works. There are many ways a password can fall into the wrong hands...

Have You Changed Your Password Lately?

If you use a weak password, such as a name or date, you are asking for trouble. Hackers have software that automatically and rapidly tries thousands of common words until one works. Some "brute force" password hackers cycle through every combination of letters and numbers until one clicks. The shorter and more common your password is, or if it's a common word followed by some numbers, the more often you should change it to stay ahead of such methods.

The more exposed your login screen is, the more often you should change your password. The Windows login screen usually can't be seen by anyone but the person sitting in front of the computer. But you should be aware of "shoulder surfers" lurking behind you. And any login screen accessible via the Internet is more vulnerable.
Change Your Password

Using unsecured public WiFi networks can allow hackers to capture your password as you type it into your browser. If you frequently patronize Internet cafés or other public networks, you should change your critical passwords often. See my related article on Wireless Hotspot Security (

If you have ever written your password down on paper, you should change it immediately. The same is true if you have ever told your password to anyone.

If you have detected malware on your computer, change all of your passwords after cleaning up the infection. Also, if you have stumbled across a website which you suspect might be up to no good, change your passwords. In both cases, you may have picked up a keylogger without knowing it. A keylogger captures passwords and transmits them to bad guys.

Secure Password Strategies

Many employers and financial institutions require users to change their passwords once every three to six months. Such policies are compromises between security and convenience. When users have to change passwords often, they may opt for short, easily remembered, and easily hacked passwords.

The stronger your password is, the less often you need to change it. Passwords that are 12 characters or longer and mix upper and lower case letters, numbers, and special characters randomly are much harder to crack - and harder to remember.

That's where password management software comes in. A password manager program stores all of your passwords in an encrypted database and enters the appropriate password when it's needed. RoboForm and KeePass are examples of password managers. With such a utility, you can create complex passwords that are hard to crack and not have memorize them. Of course, you will need a master password to access the password management program. See my article Is Your Password Hacker Proof? ( for advice on password managers, and choosing a strong, secure password.

There is no hard-and-fast answer to how often you should change passwords. But the longer you keep the same password, the longer hackers have to crack it. If your employer requires you to change passwords on a regular schedule, I suggest change your personal passwords at the same time.

Do you have something to say about password strategies? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 9 Jun 2011

For Fun: Buy Bob a Snickers.

Prev Article:
Beware the Free Credit Report Scam

The Top Twenty
Next Article:
Best Paid Anti-Virus Programs

Most recent comments on "How Often Should I Change My Password?"

Posted by:

09 Jun 2011

I've often wondered why critical sites (financial and the like), and for that matter all sites, do not have an "x strikes and you're out" policy - where x is some small number like 5 or maximum 10.

If you mess up the password "x" times then the account/access locks until some intervention takes place. Having worked with mainframes (yes I'm a dinosaur) where this type of security was common place, I find the let there be infinite password attempts quite odd. It certainly would stop the brute force attempts or at least highlight them.

Posted by:

09 Jun 2011

I agree with gcai above. This is a good point, indeed!

In terms of securing your password I highly recommend Keyscrambler (which also comes highly recommended by Raymond who is Webmaster of - - a Very credible and reputable computer-Internet related website).
Raymond ran multiple keyloggers against KS and none was able to compromise the integrity of KS!!!

I have been using this software for some time now.
Keyscrambler Simply Works - - with no end-user intervention needed. It works by encrypting EVERY keystroke you type on your computer's keyboard.
The result is a hodgepodge of characters scrambled to defeat would-be Online thieves!
You can actually watch KS at work on your screen as you type - - You'll see,

AWESOME - - and it's FREE!
(you can also purchase either of the two paid versions which protects a whole lot more applications)

Posted by:

10 Jun 2011

You mentioned Roboform and Keepass as examples of password-managers.
I would like to recommend LSN Password Safe, which is the one I use. It is free, has good anti-keylogging measures and can run portably from a USB stick.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- How Often Should I Change My Password? (Posted: 9 Jun 2011)
Copyright © 2005 - Bob Rankin - All Rights Reserved