Recurring Password Changes Hurt Security


Believe it or not, changing passwords regularly is actually a bad security policy. All that happens is that people reuse the password they had before and add a digit or special character at the end.

This teaches bad password hygiene, because it teaches people to do two things they shouldn't be doing:

1- Picking passwords that they can remember.

2- Using predictable patterns to change the password to something "new".

Both of these things increase the chance that someone can guess, brute-force, or infer (in the case of password dumps from hacked online services) your password.



Use a password manager. This allows you to create strong and unique passwords for each site/service/login you have that are complex enough to secure your information. The only reason you should need to change your password at this point is if you suspect the password has been compromised or you "just feel like it".

My password manager recommendations are:


LastPass: Free (with paid option) online password manager with apps for Android/iOS/Windows/Mac/Chrome. Passwords sync between all your devices. I've personally used LastPass for 4 years now and it's a stellar product.


KeePass: Free, open source, and saved on your hard drive. You'd obviously want to back up your KeePass database in case of hardware failure/corruption/accidental deletion.


PS - You should set a master password for each of these applications that is at least 16 characters and not used elsewhere. You should also secure them using a second factor authenticator like Authy.

Supporting articles/documentation-