Skip to main content

Want some security advice? Don’t reset your passwords too often

keeper most common passwords 2016 worst 2015
Image used with permission by copyright holder
Setting your password as “password” has long been dinged as a sure-fire way to invite trouble when it comes to your digital privacy. And obviously, if you’re using the same password for everything on the Internet, you may be in trouble. But while security firms have long discussed the common pitfalls of online security, another practice that may seem solid in theory is now being warned against as well. On Thursday, in observance of World Password Day, the U.K. government urged its citizens not to change their passwords too frequently, claiming that this practice is actually more harmful than it is helpful.

“In 2015, we explicitly advised against it [changing passwords],” British intelligence and security organization GCHQ’s Communications-Electronics Security Group (CESG) wrote recently. “This article explains why we made this (for many) unexpected recommendation, and why we think it’s the right way forward.”

So what’s the issue with constantly changing things up? According to the organization’s 16-page report, repeatedly resetting your codes “doesn’t take into account the inconvenience to users.” A secure password, CESG notes, should be both long and random, which makes them fundamentally difficult to remember. And while you can create and remember a few long and random strings, it’s hard to do this for dozens of passwords. “When forced to change [a password], the chances are that the new password will be similar to the old one,” security experts warn. “Attackers can exploit this weakness.”

CESG also notes that frequent change can be rather counterproductive — in order to remember new strings, users may end up writing them down or storing them in other unsafe ways. There’s also the stronger possibility of forgetting the new password and being locked out of an account, forcing users to find a new password yet again.

“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack,” CESG concludes. “What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis.”

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Microsoft’s DirectStorage may improve loading times by 200%, but don’t get too excited
Person using a gaming monitor.

Microsoft has just introduced GPU decompression to its new DirectStorage API, bringing it to version 1.1.

GPU decompression can provide huge performance gains in gaming -- Microsoft promises up to a 200% performance improvement in loading times. Unfortunately, it's still much too early to get excited -- we might not see DirectStorage for quite a while.

Read more
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more
France’s cyber unit preps for potential cyberattacks targeting Paris Olympics
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Organizers at the Paris Olympics are expecting a wave of cyberattacks to target the Games when the sporting extravaganza kicks off in earnest this weekend.

Researchers have noted that some attacks have already started, with Russia-affiliated hackers suspected to be behind the nefarious efforts, Bloomberg reported on Thursday.

Read more