This archive report was first published on 23 June 2020.
Time to rethink your approach towards password change
A study from Carnegie Mellon University in the US, reported here on June 23, 2020, found that most people whose accounts are caught up in a breach don't change their passwords at all. Of those who did, most took more than three months to get round to it, and many replaced the old password with a weaker one.
Paul Ducklin, principal research scientist at Sophos, emphasizes that the only time you should feel compelled to change a password is when there is a clear and obvious reason to do so, such as if you think or know that it might have been compromised.
He notes that passwords are usually stored in a hashed form, making it difficult for cybercriminals to crack them. However, if a service provider notifies you that your password hash was acquired by crooks, you'll remain safe if you change your password before they crack it.
So, what can you do to stay safe? The advice boils down to three points: choose quality passwords, turn on two-factor authentication, and change a password promptly when there is a genuine reason to do so.
- Don't delay, do it today
- Choose quality passwords
- Don't use 2FA as an excuse to choose a trivial password or to use the same one everywhere
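As an added worked example (not code from the Sophos article, from Paul Ducklin or from the CMU study), the Python below plays out the race described above and the reuse problem in the last point: a service stores salted PBKDF2 hashes, its credential table is breached, the user rotates the password as soon as she is told, the attacker's offline dictionary run finishes afterwards, and the same password had been reused at a second service. The service names, user, wordlist, passwords and PBKDF2 iteration count are all constructed for this example and stand for nothing real.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed wordlist standing in for the dictionaries crooks actually run
# against leaked hashes; real ones hold hundreds of millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "summer2020", "hunter2"]

# Iteration count for the slow hash. Production values are far higher; this
# is an assumption kept modest so the example runs in a second or two.
PBKDF2_ITERATIONS = 20_000


def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the 'hashed form' the article refers to."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class Service:
    """Toy credential store mapping username -> (salt, hash). Assumed shape only."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._rows: Dict[str, Tuple[bytes, bytes]] = {}

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)  # fresh random salt for every password set
        self._rows[user] = (salt, slow_hash(password, salt))

    def verify(self, user: str, password: str) -> bool:
        row = self._rows.get(user)
        if row is None:
            return False
        salt, stored = row
        # constant-time comparison so the check itself leaks nothing
        return hmac.compare_digest(stored, slow_hash(password, salt))

    def breach(self) -> Dict[str, Tuple[bytes, bytes]]:
        """What a breach hands the attacker: the stored rows, not plaintexts."""
        return dict(self._rows)


def crack(salt: bytes, leaked: bytes, wordlist) -> Tuple[Optional[str], int]:
    """Offline dictionary attack on one leaked row.

    Returns (recovered password or None, number of PBKDF2 evaluations spent).
    Every guess costs PBKDF2_ITERATIONS HMAC rounds, which is the point of
    a slow hash: the crooks pay that cost for each candidate, per salt.
    """
    for guesses, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(slow_hash(candidate, salt), leaked):
            return candidate, guesses
    return None, len(wordlist)


def scenario() -> dict:
    """Plays out the race the article describes and returns the outcomes."""
    shop = Service("shop")
    bank = Service("bank")
    shop.set_password("alice", "summer2020")  # weak, and in the wordlist
    bank.set_password("alice", "summer2020")  # the same password reused

    # 1. The shop is breached: the attacker gets alice's salt and hash.
    salt, leaked = shop.breach()["alice"]

    # 2. Alice is notified and changes her shop password straight away.
    new_password = "pelican-orbit-quartz-lantern"
    shop.set_password("alice", new_password)

    # 3. The attacker's cracking run completes later.
    found, guesses = crack(salt, leaked, WORDLIST)

    return {
        "cracked": found,
        "guesses": guesses,
        "shop_login_with_cracked": shop.verify("alice", found) if found else False,
        "bank_login_with_cracked": bank.verify("alice", found) if found else False,
        "shop_login_with_new": shop.verify("alice", new_password),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The outcome is the article's argument in miniature: the cracked hash yields the old password, but because the shop password was rotated before the run finished it no longer opens that account, while the bank, where the same password was reused and never changed, still accepts it. Raising the iteration count lengthens the attacker's run and therefore the window in which a prompt change helps; it does nothing for a password that is reused elsewhere.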