We’re living in an exciting time as far as technology goes, and it never ceases to amaze me how integrated it is in almost every aspect of our lives. For example, can you count how many purchases you made on your phone yesterday? Or how many times you checked and sent email on it? Or even the number of times you entered your username and password information to access different apps/platforms?
If you really think about it, we find ourselves giving up personal information so willingly and frequently that we don’t always think about the ramifications. Just yesterday, I downloaded the app Venmo (for those who aren’t familiar, it’s a useful app to shift money around between friends and family), then I linked my bank account to that app.
The reality is that hackers are becoming more clever at breaching cybersecurity walls, so it’s up to us to stay ahead of them. While the idea of stepping up your association cybersecurity might seem like a daunting task, it doesn’t have to be if you take some incremental steps. The first is how you choose your passwords.
How often should I change my passwords?
Passwords should be regularly updated for any login where there is a potential threat of a data breach. In other words, if your password can be cracked, acquired or stolen, you should change it on a regular basis.
What defines this schedule? The security posture of the login in question.
If we’re talking about a super-top-secret government agency, I would expect this login to use some sort of authentication key that changes the associated password every few minutes (or seconds). These solutions require the person logging in to have access to the key, and do not require their involvement to change the password. (Yes, it’s super cool, but overkill for most corporate environments, in my opinion.)
For a standard corporate, educational, or non-profit environment, login passwords should be changed every six months to one year. Some advocates push for every quarter, or three months, but my experience has shown that maintaining such a short update cycle can create a burden on your support team for a relatively insignificant security benefit.
For online services, like email (Gmail, Hotmail, etc.), cloud storage (Dropbox, OneDrive), social networks (Facebook, LinkedIn), etc., the same posture question comes into play. If this cloud service is integrated with an ultra-secure solution, or contains data that absolutely cannot be breached, then we should implement a strong 2-factor password solution that changes automatically. If this is not an option because the service does not support it, then scheduled password changes should be implemented as part of the management of the account. For regular corporate environments, every 6 months to 1 year should be acceptable. For personal solutions, I would still recommend changing these passwords at least once a year.
So next time you’re on your phone or your computer, and you just automatically log onto one of your many accounts, consider upping your password game. This is just one of many steps you can take to stay ahead of the hackers.
Curious to learn how strengthening your password security can promote a secure environment for your staff members and how to get your team on board? Download our eBook to find out!