Password Changing – A way of life
You may have heard the recent news story about 1.2 billion passwords stolen by Russian hackers. Though this is a large number, it isn’t too surprising. It only takes a few small mistakes for a company, large or small, to let an attacker into their network. Whether the attack starts as a phishing email, an attack on a public website, or an infected USB stick plugged into a workstation, once an attacker gets onto a machine they can pull the names/passwords on that systems. With 1.2 billion passwords, likely many of the passwords are years old in accounts that are rarely used.
With systems being compromised all the time, is there a way to make thing easier? One idea is to make changing your password a way of life. For most of us, changing every password we use every 90 days like we do our work account is quite difficult. How about changing them just every year? That seems much more feasible. Another option to help with this is to use different passwords, perhaps with the assistance of a password vault like KeePass or LastPass.
Though the 1.2 billion passwords may contain a few of the accounts used by our agency, making sure we change our passwords every so often and not use the same password twice will greatly decrease the chance of us being impacted.