Changing Password Every x Days

by on Jun.13, 2009, under life, thoughts

This will be the second in my series of security topics from a non-security expert, I suppose. I just calls ’em hows I sees ’em.

As you may or may not know, I will be attending Valparaiso University this Fall as a Freshman. When I attended Valparaiso’s Freshman orientation program, they taught us a lot about their online systems. One thing I learned was that I will need to change my password every 185 days, and when I change it, it can’t be similar to whatever I had last time. The idea here is that this will be more secure, because hackers will never know your password for an extended period. However, I see a problem with this.

Forcing me to change my password to something completely different means forcing me to memorize a new password, something completely different, too. Now, personally, I don’t think this will be much of a problem, because I’m pretty good at memorizing things. However, if you aren’t that good at memorizing, this could cause a big problem: the urge to write down your password. As anyone could tell you, writing down a password immediately creates a security risk, because anyone could see it written on a piece of paper, or take the paper, etc. The safest place for a password is in your brain, and in your brain only.

So, is forcing users to change their password really more secure? For some people, I think it will help, but I think it’s a practice that could only hurt others. A better idea would be to enforce good password practice: have users create a nice, good-length password, containing at least one letter, number, capital letter, and special character. Want to go for more security? Force it to start and end with a letter. Don’t just let the user tack an exclamation mark on an otherwise easy-to-guess password.
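As an added illustration (not code from the post), here is how the composition rules in this paragraph, plus a check for a common word with characters tacked onto it, could be enforced in Python; the minimum length, the word list and the function names are my assumptions.

```python
import re

# Constructed sample of frequently guessed base words; a real deployment
# would use a full breached-password list instead (assumption, not from the post).
COMMON_BASES = {"password", "letmein", "qwerty", "welcome", "valpo"}

# The post does not quantify "good length"; 12 characters is an assumption.
MIN_LENGTH = 12


def strip_tacked_on(password: str) -> str:
    """Drop trailing digits/specials and lowercase the rest, so that
    'Password1!' is compared against the base word 'password'."""
    return re.sub(r"[^a-zA-Z]+$", "", password).lower()


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the
    password satisfies every rule described in the post."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^a-zA-Z0-9]", password):
        problems.append("no special character")
    # The stricter option from the post: first and last characters are letters.
    if not (password[:1].isalpha() and password[-1:].isalpha()):
        problems.append("must start and end with a letter")
    # Reject an easy-to-guess word with a digit or '!' simply appended.
    if strip_tacked_on(password) in COMMON_BASES:
        problems.append("common word with characters tacked on")
    return problems


if __name__ == "__main__":
    for candidate in ("Password1!", "Xk4!mordant7Q"):
        print(candidate, "->", check_password(candidate) or "OK")
```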

Overall, I don’t think there will ever be a formula for password security. There is no one end-all be-all tip I can give for keeping your password away from hackers. Perhaps forcing people to change their password every x days really does help security. But, I’d like to see some concrete proof of this before I believe it.

1 Comment for this entry


You are right in that changing passwords is a pain in the neck and if you think once every 185 days is a pain, wait until you enter the working world and it’s like multiple applications each with a password that must be changed every 30 days.

