Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Want some security advice? Don’t reset your passwords too often

Add as a preferred source on Google

Setting your password as “password” has long been dinged as a sure-fire way to invite trouble when it comes to your digital privacy. And obviously, if you’re using the same password for everything on the Internet, you may be in trouble. But while security firms have long discussed the common pitfalls of online security, another practice that may seem solid in theory is now being warned against as well. On Thursday, in observance of World Password Day, the U.K. government urged its citizens not to change their passwords too frequently, claiming that this practice is actually more harmful than it is helpful.

“In 2015, we explicitly advised against it [changing passwords],” British intelligence and security organization GCHQ’s Communications-Electronics Security Group (CESG) wrote recently. “This article explains why we made this (for many) unexpected recommendation, and why we think it’s the right way forward.”

Recommended Videos

So what’s the issue with constantly changing things up? According to the organization’s 16-page report, repeatedly resetting your codes “doesn’t take into account the inconvenience to users.” A secure password, CESG notes, should be both long and random, which makes them fundamentally difficult to remember. And while you can create and remember a few long and random strings, it’s hard to do this for dozens of passwords. “When forced to change [a password], the chances are that the new password will be similar to the old one,” security experts warn. “Attackers can exploit this weakness.”

CESG also notes that frequent change can be rather counterproductive — in order to remember new strings, users may end up writing them down or storing them in other unsafe ways. There’s also the stronger possibility of forgetting the new password and being locked out of an account, forcing users to find a new password yet again.

“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack,” CESG concludes. “What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis.”

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
A Windows 11 bug may be quietly eating hundreds of gigabytes of your storage
Windows 11’s storage-eating bug now has a fix from Microsoft
Windows 11 suffering from RAM crisis

If your Windows 11 PC suddenly looks low on storage, your downloads folder or game library may not be the problem. According to Windows Latest, a bug tied to a Windows system file can silently consume tens or even hundreds of gigabytes on the system drive.

The file in question is called CapabilityAccessManager.db-wal, and it sits inside Windows’ Capability Access Manager folder. Windows Latest says the issue may appear as unusually high “System files” usage in Windows 11’s storage breakdown, even though the Settings app does not clearly identify the exact file responsible. In some reported cases, users saw it grow to 200GB, and even more.

Read more
Your next Teams meeting could have an AI teammate that answers questions for you
Teams is getting smarter, cleaner, and quieter about it. The AI features are opt-in, the chat cleanup is automatic.
Computer, Electronics, Laptop

Microsoft Teams is getting a meaningful update that overhauls almost every part of how you use the app, from AI-assisted meetings to a cleaner chat layout. Most of the changes are already in testing, and several are scheduled to roll out before the end of the summer.

Starting with the most interesting addition: an upgraded AI Facilitator that can listen to your meeting, spot when someone seems confused, and generate a response (via Windows Report). 

Read more
A hacker’s arrest just revealed how Microsoft can track your Windows device
Microsoft knew what websites his Windows PC visited.
Windows 11 on a laptop

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Read more