Security experts often advise computer users to update their passwords periodically to stay safe from hackers. Surprisingly, Britain's security service claims that your online data is even safer if you avoid changing your password routinely.
Changing passwords regularly has been standard practice for years for the majority of computer users, who were told that it prevents hackers from easily guessing their login credentials. Now, cyber security experts believe your best bet is to stick to one single password.
The warning came from UK intelligence and the Communications Electronics Security Group (CESG), which is part of the security organization GCHQ. The two bodies added that computer users should simply ignore what they have been told in the past: that frequently changing passwords would prevent hackers from compromising their accounts.
Britain's cyber experts concluded:
"It's one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack."
"Most password policies insist that we have to keep changing them. And when forced to change one, the chances are that the new password will be similar to the old one. Attackers can exploit this... New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out... CESG now recommends that organizations do not force regular password expiry."
A recent survey showed that two-thirds of corporate businesses fell victim to cyber attacks during the last year; this led the government to advise Brits on how they can better protect themselves from cyber-attackers.
In a recent incident in which the National Childbirth Trust (NCT) website was hacked by anonymous hackers, thousands of pregnant women and expectant parents fell victim to identity theft; over 15,000 usernames and passwords were stolen.
Just a few days ago, Reuters reported that a security researcher acquired a database from a Russian teenager containing records of email usernames and passwords, including those from Google, Yahoo and Hotmail, in exchange for an online forum review.
If users constantly change their passwords, they will have to keep writing them down to remember them. However, this practice could signal to the system that something unlawful is happening if the password falls into the wrong hands or is entered wrongly a fixed number of times.
One of the risks of changing passwords regularly that the CESG has cited is how dissatisfied people can become with every new password they pick, or how similar it can be to the old one. Chances are hackers can easily guess something similar to the old password or one that has been used on another account.
Former National Security Agency contractor Edward Snowden once recommended that users consider using "pass phrases" instead of passwords. According to him, computer hackers take only milliseconds to crack any eight-character password. He added that it takes much longer to brute-force common phrases that are not likely to be found in the dictionary.
A Microsoft spokesperson said the company has state-of-the-art technology to promptly detect account compromise and help users regain access to their accounts if they fall into the wrong hands. In other words, whether or not users change their passwords routinely, they will still be covered by Microsoft's protection.
Article Source: Trinesty