IT | Security

Do You Need to Change Passwords?

By: Absolute Team | 11/27/2010

From studies we've highlighted in the past, we know that most organizations do not require employees to change passwords. But is changing passwords a big deal, really?

That's a question that Bill Schneier set out to answer in his latest blog post, and the answer, which isn't as clear cut as would be nice for enterprise security, is "it depends."

On the one hand, changing passwords means that compromised passwords have an expiration date on usefulness to cybercriminals or outsiders. On the other hand, changing passwords often may lead employees to choose easier-to-remember (and less secure) passwords. However, this is not an inclusive summary of all fraud scenarios.

In the case of espionage or money theft, changing passwords often is not likely to prevent the crime, but is vital immediately after a crime has been committed. Recommendations, overall, include:

  • Only focus on changing corporate logins sometimes
  • Only change other passwords if you think a friend / ex-spouse, etc would abuse them
  • Don't bother changing your computer, financial or encyrption key passwords
  • A good password is more important than one which is changed often
  • Since a good password is hard to recall, write it down somewhere SAFE or use a program like Password Safe or 1Password
Data Visibility & Protection
Absolute Team

All Posts By This Author
Related Articles
Bad Weather Ahead: The Parallels Between Cybersecurity and Enduring Winter
Absolute Editorial Team - 1/15/2021
- 2 min read
Absolute Named a Leader in the G2 Grid Report for Endpoint Management, Again!
Absolute Editorial Team - 1/6/2021
- 1 min read
In 2021, CIOs Must Do More with Less
Dianne Lapierre - 1/4/2021
- 2 min read
View Recent Articles