Quote:The Change Your Password Day was established in 2012 and has been celebrated annually since then. But what might’ve seemed as a good idea back then is somewhat outdated in 2019. That’s why we’re proposing to change it to Strong Password Day.


Changing passwords regularly doesn’t help


A decade ago, it used to be a common security practice to change passwords regularly. However, nowadays it’s not considered to be effective. Why is that? Well, when it comes to passwords, there are actually two parts to the problem. First, passwords have to be hard to guess to effectively protect the account they are used for, and second passwords have to be easy to remember in order for us to use them. Whilst changing passwords regularly does have some positive impact on the first part, it drastically complicates the second.

The problem really stems from the fact that we, as humans, don’t like to remember long, complicated passwords — we’re not machines. So, we do what comes naturally — we cheat. When we are forced to change a password, we make small changes in existing passwords, instead of creating a brand new one. To illustrate the point, let’s take the password ‘batman2018’. Most of us, if asked to change this, would probably just change it to ‘batman2019’ — the system sees a different password, but technically it’s the same and crucially, it wouldn’t take a genius to guess the new password, if the old one had been compromised.

TL;DR: Changing passwords regularly doesn’t really work. It’s a much better idea to use strong and, even more importantly, unique passwords. Now, let’s talk a little bit about uniqueness.

Full reading: https://www.kaspersky.com/blog/strong-password-day/25519/