Tips on Password Security
Continuing my previous discussion of what makes a password strong, there is an additional need: routinely changing your password. The reason is that the longer your password remains the same, the more likely it is to be discovered by a malicious user.
While odds are that a malicious user isn’t trying to discover your password all day every day, odds are good that at some point someone will try to use your account to gain access to unauthorized systems, information, etc. By changing your password, you do several things.
First, if your existing password has been compromised without your knowledge, you instantly revoke access to anyone maliciously using your credentials.
Second, if someone is actively trying to compromise your account, they need time to discover your password. Remember our discussion on the length of your password (the longer the better)?
Statistically speaking, someone attempting to find your password by trying every possible combination must, on average, try half of the possible passwords before he finds the correct one. This is known as a brute-force attack. The longer your password, the more possibilities an attacker must try before he finds the correct one.
If your password is sufficiently lengthy and sufficiently complex, it could take as long as a few months or even years to break. When you change your password, you force any would-be attacker to restart the process of trying every possible combination. So, how often should you change your password? There is no exact answer.
NSK Inc. recommends you change your password at least once every 180 days. However, if you work with particularly sensitive data or have an account with elevated privileges, you should change your password more frequently.
Ask yourself how much damage an attacker could cause you, your company and your clients if he figured out your password. The more damage that can be done, the more often you should change your password.
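The brute-force arithmetic behind the paragraphs above, as an added example that is not part of the original article: it estimates the average time to exhaust a keyspace and how much of it an attacker can cover within the 180-day window. The guess rate and the 94-character alphabet are assumptions, and the figures apply only to uniformly random passwords.

```python
SECONDS_PER_DAY = 86_400
ROTATION_DAYS = 180  # the article's recommended maximum password age


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def expected_days_to_crack(alphabet_size, length, guesses_per_second):
    """Average case for exhaustive search: half the keyspace is tried."""
    half = keyspace(alphabet_size, length) / 2
    return half / guesses_per_second / SECONDS_PER_DAY


def fraction_searched(alphabet_size, length, guesses_per_second,
                      days=ROTATION_DAYS):
    """Share of the keyspace covered before the password is changed."""
    tried = guesses_per_second * days * SECONDS_PER_DAY
    return min(1.0, tried / keyspace(alphabet_size, length))


def min_length_for_window(alphabet_size, guesses_per_second,
                          max_fraction=0.01, days=ROTATION_DAYS):
    """Shortest length that keeps the searched share at or below max_fraction."""
    length = 1
    while fraction_searched(alphabet_size, length,
                            guesses_per_second, days) > max_fraction:
        length += 1
    return length


if __name__ == "__main__":
    RATE = 1e9      # assumed offline guess rate (guesses per second)
    ALPHABET = 94   # assumed alphabet: printable ASCII, excluding space
    for n in (8, 10, 12, 14):
        days = expected_days_to_crack(ALPHABET, n, RATE)
        share = fraction_searched(ALPHABET, n, RATE)
        print(f"{n:>2} chars: {days:.3g} days on average, "
              f"{share:.2%} searched in {ROTATION_DAYS} days")
    print("min length for <=1% searched:",
          min_length_for_window(ALPHABET, RATE))
```
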
Written by:
Ben Howard - MCSE, Security+, CCNA Security, NSA 4011
Senior IT Associate - NSK Inc