eli5 – Cyber passwords


Why do passwords need to be so complex and changed often? When I enter an incorrect password, I usually get an email about it being incorrect and after a few tries, get locked out. If someone was trying to log on, wouldn’t they run into these issues or can they bypass it somehow?


4 Answers

Anonymous 0 Comments

The “change often” is falling out of favour with the cybersecurity community: a complex & unique password doesn’t lose security with time, so changing it really doesn’t help. And changing has a human psychology issue in that we tend to pick easier passwords because we have to keep changing them.

Complex is to prevent a “dictionary attack” (just guess common words). The error emails/lockouts are also designed to prevent this type of attack, but many websites don’t use those, so it’s not foolproof.

Using some mix of case, numbers, and symbols makes it *much* harder to brute-force attack a password because it hugely expands the number of possible passwords.

Changing often, in theory, is to protect against our habit of using the same password on multiple sites (unfortunately very common). This means that if one site is compromised, it compromises multiple sites. Changing the password “resets the clock” and prevents the damage from spreading too far.

The best thing to do is use a password manager you can trust that makes very long, very complex, unique passwords for each site.

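As an added illustration of the dictionary-attack versus brute-force point in the answer above (example code added here, not part of the original answer or any product): the script below runs a small rule-based dictionary attack (a word plus the usual capitalisation, leet substitutions and suffixes) and then estimates how long exhaustive brute force would take at two guess rates. The wordlist, mangling rules and both rates are constructed assumptions for the demo. The "online" rate models a site that locks the account after 5 failed tries per 15 minutes; the "offline" rate models the case a lockout cannot help with: once a site's password database has leaked, the attacker guesses against the stolen hashes on their own hardware, so no per-account lockout ever fires.

```python
import string

# Constructed sample wordlist; a real cracking wordlist has millions of entries.
WORDLIST = ["password", "welcome", "dragon", "monkey", "letmein", "sunshine"]

# Substitutions and suffixes people use to make a dictionary word look "complex".
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "1!", "2024", "2024!"]

# Assumed guess rates (assumptions for this demo, not measured figures):
#   online : a site allowing 5 attempts per 15-minute lockout window
#   offline: a GPU rig guessing against a leaked database of fast, unsalted hashes
ONLINE_RATE = 5 / (15 * 60)
OFFLINE_RATE = 1e10


def mangle(word):
    """Variants of one word that a rule-based cracker tries, in a fixed order."""
    bases = []
    for base in (word, word.capitalize(), word.upper(),
                 word.translate(LEET), word.capitalize().translate(LEET)):
        if base not in bases:          # keep order deterministic, drop duplicates
            bases.append(base)
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(candidate, wordlist=WORDLIST):
    """Return (found, guesses_made) for a word-plus-mangling dictionary attack."""
    guesses = 0
    for word in wordlist:
        for variant in mangle(word):
            guesses += 1
            if variant == candidate:
                return True, guesses
    return False, guesses


def charset_size(password):
    """Size of the alphabet an attacker must assume, given which classes appear."""
    size = 0
    if any(c.islower() for c in password):
        size += len(string.ascii_lowercase)
    if any(c.isupper() for c in password):
        size += len(string.ascii_uppercase)
    if any(c.isdigit() for c in password):
        size += len(string.digits)
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def keyspace(password):
    """Candidates a brute-force attack must cover in the worst case."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace(password) / guesses_per_second


def assess(password):
    """Dictionary result plus brute-force cost under both assumed guess rates."""
    found, guesses = dictionary_attack(password)
    return {
        "dictionary_hit": found,
        "dictionary_guesses": guesses,
        "keyspace": keyspace(password),
        "online_seconds": seconds_to_exhaust(password, ONLINE_RATE),
        "offline_seconds": seconds_to_exhaust(password, OFFLINE_RATE),
    }


if __name__ == "__main__":
    samples = ["password", "P@$$w0rd1!", "Password123",
               "correct-horse-battery", "k7$Qz!9mRw2#Lp4v"]
    for pw in samples:
        r = assess(pw)
        years = r["offline_seconds"] / (365 * 24 * 3600)
        print(f"{pw:24} dict_hit={r['dictionary_hit']!s:5} "
              f"keyspace~2^{r['keyspace'].bit_length() - 1:<4} "
              f"online={r['online_seconds']:.2e}s "
              f"offline={r['offline_seconds']:.2e}s ({years:.2e} y)")
```

Two things to notice when running it: "P@$$w0rd1!" satisfies every usual complexity rule and has a large nominal keyspace, yet the mangling rules find it in a few dozen guesses, because its structure is still one dictionary word; and a random 16-character password from a manager is out of reach even at the offline rate, which is the case the site's lockout cannot protect you from.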