Websites, Software Development
and Support, Cyber Security
and Expert IT Advice

Password Security

How Often Should You Change Your Passwords?

When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defence is frequent password changes.


But how often should you create new passwords? Cybersecurity experts recommend changing your password every three months. There may even be situations where you should change your password immediately, especially if a cybercriminal has access to your account.


This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.



Situations when you should immediately change your password



There are some situations where you’ll want to change your password immediately.



If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password.


This can help limit the amount of time a cybercriminal has access to your account.




If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal.




As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. Generally, an unsecure network means your online activity is public. If you need to use an unsecure network, change your password once you’re on a secure network.


It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.




Your personal information could be at risk if malware infects your computer. If you have quality antivirus software (like what’s included in McAfee Total Protection) and it detects malware, you’ll want to change your passwords from another device.




If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone.




You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again.



How to create a strong password

A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria.


  • It’s used only for one account. While it can be easy to use similar passwords for multiple accounts, hackers might be able to get into your other online accounts if they access just one.
  • It’s at least 12 characters long. To make it easy to remember, use a lyric from a song or poem (for example, “andtherocketsredglare”). Or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance).
  • It’s a complex password. Include at least one capital letter, one number, and one symbol. A computer can guess a password with eight letters immediately. But a 12-character password with at least one uppercase and one lowercase letter, number, and a special character would take 34,000 years to crack. Some sites allow users to create a passphrase. That’s a string of words that can be up to 100 characters long.
  • It’s hard to guess. Don’t use information that people who know you or look at your social media can guess. Avoid personal information like your nickname or initials, birthday, address or street name, or a child or pet’s name.
  • It doesn’t use common words like “password” or “qwerty.” You’d be surprised how many people use “password123” or “123456” as a password. A cybercriminal would not.

Watch the video above from Safety in Canada to learn more about creating a strong password.


What are the most common ways passwords get hacked?

A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics:

  • Guesswork: This is why password security requires unique passwords that don’t include personal information.
  • Buying passwords on the dark web: Search engines don’t index the dark web. A lot of dark web activity isn’t traceable, including the sale of passwords.
  • Phishing: This is when a hacker sends an email that appears to be from a trusted source to trick the recipient into typing in their password.
  • Malware: Cybercriminals may infect a device with malicious software that allows them to access personal data, including passwords.
  • Shoulder surfing: This could happen in a coffee shop or office if you leave sticky notes showing your passwords on your desk.
  • Spidering: These are bots that search the web looking for personal data.
  • Brute force attack: A bot systematically tries thousands of passwords hoping to find the correct one.

How can you keep your online passwords secure?

When it comes to keeping your data secure, password complexity is just the beginning. Here are a few additional tips for keeping your passwords safe.



Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first.
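The review described above can be scripted against a local export of your accounts. The following is an added example, not code from the original article: it applies the strong-password criteria listed earlier (12 characters, a capital, a number, a symbol, no common words, no personal information) and flags reuse across accounts. The denylist, the sample vault, the personal-information tokens and the "most problems first" ordering are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Small constructed denylist from the article's examples; real audits use far larger lists.
COMMON = ("password", "qwerty", "123456")

RULES = [  # (description of failure, test that returns True when it fails)
    ("shorter than 12 characters", lambda p: len(p) < 12),
    ("no capital letter", lambda p: not re.search(r"[A-Z]", p)),
    ("no number", lambda p: not re.search(r"[0-9]", p)),
    ("no symbol", lambda p: not re.search(r"[^A-Za-z0-9]", p)),
    ("contains a common password", lambda p: any(w in p.lower() for w in COMMON)),
]

def check_password(password, personal_info=()):
    """Return the article's criteria that this password fails."""
    problems = [msg for msg, fails in RULES if fails(password)]
    if any(item.lower() in password.lower() for item in personal_info if item):
        problems.append("contains personal information")
    return problems

def audit(vault, personal_info=()):
    """Map each account to its problems, flagging reuse across accounts."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = check_password(password, personal_info)
        others = sorted(a for a in accounts_by_password[password] if a != account)
        if others:
            problems.append("reused on: " + ", ".join(others))
        if problems:
            report[account] = problems
    return report

def change_order(report):
    """Assumed priority: most failed criteria first, ties broken by name."""
    return sorted(report, key=lambda a: (-len(report[a]), a))

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"bank": "Rex2015!", "shop": "Rex2015!",
                "email": "password123", "forum": "v9#Tq!mZ2r@Lp4"}
SAMPLE_PERSONAL = ["rex", "2015"]  # e.g. a pet's name and a birth year

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, SAMPLE_PERSONAL)
    for account in change_order(report):
        print(f"{account}: {'; '.join(report[account])}")
```

Run it only on a device you trust and delete any plaintext export afterwards, since the input file holds every password in the clear.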




Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires you to enter a code sent by text or email in addition to a username and password.


Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure.




A password manager like McAfee True Key can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.


If you have old or weak passwords or use them on multiple sites, a password manager can generate new ones. It’ll then keep track of them and sign you in to apps and websites — with you only having to remember one master password.




Summary From Tweed Coast IT

When it comes to cyber criminals, there is no 100% guarantee. They are getting smarter every day and always seem to be one step ahead.


MINIMISE YOUR RISK
  • Enable 2-factor authentication - This means that every time you log into a website, in addition to entering your password, you will receive a message via text on your mobile with a code to enter before you are allowed access to the website. This may be slightly inconvenient, but it is the best form of protection, especially with banking websites.

  • Use complex passwords - Make sure your password contains at least 12 characters and has one capital, one number and one symbol like a #.

  • Try to avoid using the same password on multiple websites - Everyone does this and hackers know that as well. Your banking websites have the strongest security but your online store may not. Hackers are smart. They will hack into the online store with weak security and use those credentials to try and access your bank accounts.

  • If you believe you are being scammed, immediately pull the power on your computer and ring one of the numbers at the top of the page or Tweed Coast IT.




Do you think your password is strong enough?

Click the below link to find out how long it would take a hacker to crack it.

Check your password strength


Think you can spot a scam?

Take this quick 5 minute quiz.

Cyber scam quiz (5 minutes)

Have you been a victim of a cyber scam? Click on one of the below Australian Government links, our information page or contact us directly for advice.
