Change Your Password Twice a Year

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,412
Google is advocating a security checklist which includes changing your password twice a year and never using it again. Good advice from Google. Now if Street View would stop driving by my house, I would feel much safer. Maybe Google also will advise you to move twice a year and never go back. :D


Webroot's Brandt said that Google's advice for twice-yearly changes is reasonable. He thinks people should change their passwords as often as they can. "I change my passwords at least four times a year, but I'm a security nerd and use password manager software which generates the passwords and reminds me to change them."
 

BombermanX

Gawd
Joined
Apr 17, 2004
Messages
617
Someone needs their tinfoil hat today... Street View is awesome, I'm just waiting for them to release higher quality 3-d models for licensing in video games...
 

Stoly

Supreme [H]ardness
Joined
Jul 26, 2005
Messages
6,714
I change my password every day starting from blank to blank, blank to blank blank blank, ad infinitum. :D
 

fightingfi

2[H]4U
Joined
Oct 9, 2008
Messages
3,231
dude its bad enuff being newhere with login in here passwerd there i got to many freaking PW's...:rolleyes:
 

DanNeely

Supreme [H]ardness
Joined
Aug 26, 2005
Messages
4,144
Short of something approaching a single sign-on system, changing web passwords that frequently isn't a realistic option due to the PITA factor of hundreds of accounts. I'm still finding a few sites a year that have a password from a low security set I nominally retired 5 years ago.
 
Deleted member 184142

Guest
Am I the only one who thinks the "change your password often" is a waste of time and they should be promoting good passwords instead? It's not like a password has an expiration date, and after so many months no longer works.
 

sc3252

Gawd
Joined
Jan 3, 2005
Messages
680
I really hate these security people. If I went and started changing my passwords twice a year I would never know what account went to what and would lose shit.
 

Exavior

[H]F Junkie
Joined
Dec 13, 2005
Messages
9,700
Am I the only one who thinks the "change your password often" is a waste of time and they should be promoting good passwords instead? It's not like a password has an expiration date, and after so many months no longer works.

It isn't that it has an expiration date; the point in changing passwords is for 2 reasons: one, it keeps somebody from being able to have an unlimited amount of time to brute force your password. The other reason is for IF they do manage to get your password, be it by packet sniffing, brute force, infecting you with a virus and stealing your password or any other method, you would limit the amount of time they would be able to use your password.

Sure, by having a strong password you make it much harder to brute force in any reasonable amount of time, but now you are relying on the other side to store your password in a way that somebody isn't going to be able to steal it, or that you don't somehow get infected with a virus or other piece of malware that steals it.
 

NoNRG

2[H]4U
Joined
Dec 16, 2007
Messages
2,124
I recall reading an article a few months ago on the front page suggesting that changing your password does not improve security. Anyone else remember that one?
 

TheWeazmeister

Joined
Jul 16, 2010
Messages
3,346
shyte, you mean i shouldn't use password for all my passwords?
 

Met-AL

Supreme [H]ardness
Joined
Apr 9, 2002
Messages
7,889
I like how my bank and PayPal do it. I enter in my user name and my password, then they send me an SMS text on my cell phone with a random number that is only good for 30 seconds. I have to then type that into the website before it lets me log in.

So, to get into my account, you need to know my user name, my password, and have possession of my cell phone. Kinda takes the fun out of hacking user accounts.
 
Deleted member 184142

Guest
It isn't that it has an expiration date; the point in changing passwords is for 2 reasons: one, it keeps somebody from being able to have an unlimited amount of time to brute force your password. The other reason is for IF they do manage to get your password, be it by packet sniffing, brute force, infecting you with a virus and stealing your password or any other method, you would limit the amount of time they would be able to use your password.

Sure, by having a strong password you make it much harder to brute force in any reasonable amount of time, but now you are relying on the other side to store your password in a way that somebody isn't going to be able to steal it, or that you don't somehow get infected with a virus or other piece of malware that steals it.

All those points have to do with someone getting your password, and as such, changing it often would have no effect, as the person would still have access for about 6 months if you are going by the suggestion. And if the site does not store the passwords in a "safe" way, then what good will changing the password do? I see allll the time news reports of people using TrueCrypt with good passwords and some part of the gov using a supercomputer to try and bruteforce it for months/years without any luck, which is amazing since there is no network bandwidth limit factoring in.

Also, if your rig is compromised by some form of infection, and you don't know about it, again, changing the password would have no effect and if you do know about it, you would remove it and should change all passwords to be safe.

I recall reading an article a few months ago on the front page suggesting that changing your password does not improve security. Anyone else remember that one?

As do I, it had to do with the myth being started by banks I believe?
 

bacon

[H]ard|Gawd
Joined
Jul 8, 2008
Messages
1,301
It isn't that it has an expiration date; the point in changing passwords is for 2 reasons: one, it keeps somebody from being able to have an unlimited amount of time to brute force your password. The other reason is for IF they do manage to get your password, be it by packet sniffing, brute force, infecting you with a virus and stealing your password or any other method, you would limit the amount of time they would be able to use your password.

Sure, by having a strong password you make it much harder to brute force in any reasonable amount of time, but now you are relying on the other side to store your password in a way that somebody isn't going to be able to steal it, or that you don't somehow get infected with a virus or other piece of malware that steals it.

Yea but who gives a fuck unless it's a bank or CC site? Of course let's not forget Steam, which I am sure would probably lock the account if someone tried to brute force.

OMG someone stoles my [H]ardform password! It really isn't as bad as most security people make it out to be online.
 
Joined
Aug 17, 2005
Messages
2,878
It sounds good in theory, but a nightmare in practice for average users. We're all creatures of habit, for better or worse. One must have perfect record-keeping of all sites they registered and remember to change it all at some point. That just doesn't realistically happen for most people. I think I'm far more likely to get keylogged than brute-forced within 2 years. It's about as unrealistic as using a different password for every account you use. Sure you should have an important password and a junk one, but no one's going to realistically remember a dozen passwords for different accounts.
 

colinstu

2[H]4U
Joined
Oct 11, 2007
Messages
3,563
None of my accounts have ever been hacked besides my Google one a few months back.

I only use a couple passwords, one of them containing letters and numbers, yet that one was hacked on eBay. I changed it again to include a capital letter and a special character and it seems to've fixed it.

Hackers can screw themselves.
 

Imaulle

[H]ard|Gawd
Joined
Jan 13, 2006
Messages
1,213
any good websites that generate those tough passwords like hostgator used to have? I miss that page :(
 

l00segravel

Limp Gawd
Joined
Jan 13, 2010
Messages
474
dude its bad enuff being newhere with login in here passwerd there i got to many freaking PW's...:rolleyes:

I have no idea what you just said there... :confused:

I always find one password for my recovery email and another password for everything else works out well. Work and my 40+ passwords is a different story though...
 

PWMK2

2[H]4U
Joined
Dec 4, 2005
Messages
3,032
Well, personally, since people can just walk by my house and look at it, I don't really care about street view...
 

stockwiz

Limp Gawd
Joined
Oct 6, 2007
Messages
330
I noticed a trend of some forums forcing this. The forums that force this will be the ones I no longer use. I've had passwords for 7 years that are the same, with no problems. If nobody has the password now, why would they suddenly have it a year from now if nothing has changed?
 

Ocean

Supreme [H]ardness
Joined
Oct 19, 2003
Messages
4,927
i have no clue what my passwords are, i wouldn't recognize them if i saw them. i just put my fingers on the keyboard and play some piano music. my bank password is about 50 characters long and takes 10 seconds to play.
 

Ryokurin

[H]F Junkie
Joined
Aug 14, 2001
Messages
10,560
I recall reading an article a few months ago on the front page suggesting that changing your password does not improve security. Anyone else remember that one?

I can think of two reasons why easily.

1. You can change the password all day, but if you choose safety parameters that everyone who knows you knows (your mother's maiden name, the name of your high school, your dog's name etc.) then it's worthless. The same goes with choosing typical passwords that people who know you can guess easily.

2. People tend to remember 3-4 passwords and use them in various places, so if one falls, suddenly 10-20 sites are now vulnerable.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,420
I recall reading an article a few months ago on the front page suggesting that changing your password does not improve security. Anyone else remember that one?

because frequently changing it results in people having to write it down, or save it in a non safe file, thus defeating the whole reason to change your password.
 

jadams

2[H]4U
Joined
Mar 14, 2010
Messages
4,086
In the end Google doesn't want anyone to get your information.....











only they are allowed to do that!
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,420
I noticed a trend of some forums forcing this. The forums that force this will be the ones I no longer use. I've had passwords for 7 years that are the same, with no problems. If nobody has the password now, why would they suddenly have it a year from now if nothing has changed?

Because every day new people are getting into hacking / phreaking / cracking? It is not like all the current people who do this will just stop one day, new people get into it.

One day H could be compromised from a VB update and poof, there goes your password all over the net.
 