
Want some security advice? Don’t reset your passwords too often

Setting your password as “password” has long been dinged as a sure-fire way to invite trouble when it comes to your digital privacy. And obviously, if you’re using the same password for everything on the Internet, you may be in trouble. But while security firms have long discussed the common pitfalls of online security, another practice that may seem solid in theory is now being warned against as well. On Thursday, in observance of World Password Day, the U.K. government urged its citizens not to change their passwords too frequently, claiming that this practice is actually more harmful than it is helpful.

“In 2015, we explicitly advised against it [changing passwords],” British intelligence and security organization GCHQ’s Communications-Electronics Security Group (CESG) wrote recently. “This article explains why we made this (for many) unexpected recommendation, and why we think it’s the right way forward.”


So what’s the issue with constantly changing things up? According to the organization’s 16-page report, repeatedly resetting your codes “doesn’t take into account the inconvenience to users.” A secure password, CESG notes, should be both long and random, which makes such passwords fundamentally difficult to remember. And while you can create and remember a few long and random strings, it’s hard to do this for dozens of passwords. “When forced to change [a password], the chances are that the new password will be similar to the old one,” security experts warn. “Attackers can exploit this weakness.”


CESG also notes that frequent change can be rather counterproductive — in order to remember new strings, users may end up writing them down or storing them in other unsafe ways. There’s also the stronger possibility of forgetting the new password and being locked out of an account, forcing users to find a new password yet again.

“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack,” CESG concludes. “What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis.”

Lulu Chang
Former Digital Trends Contributor