Successful strategies to avoid frequent password changes

August 19, 2014 – 5:50 AM

1.2 billion passwords reportedly stolen by Russian hackers. Before that it was Heartbleed.

After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But there’s a better way. With the right password management habits, you won’t need to change all your passwords every time you hear about an online attack.

Changing all one’s passwords won’t hurt, but it is cumbersome. Not only that, it’s a Band-Aid fix that stops short of offering a stronger and more long-term solution, says Sean Sullivan, Security Advisor at F-Secure Labs. Data breaches are the new reality, and it’s no longer a question of if it happens to you, but when. Sullivan says rather than being told to change all their passwords, consumers need practical advice worth following. So when the next breach is disclosed, they will be in control and will only need to change those passwords they know are affected.

“The dirty little secret of security experts is that when there’s a data breach and they recommend to ‘change all your passwords,’ even they don’t follow their own advice, because they don’t need to,” says Sullivan. “Unless I find out about a breach with a specific account, I don’t worry about my passwords. That’s because I use a tool to remember my passwords for me, and a few simple techniques that help to manage my accounts so as to minimize the risk.”

