Changing Password Every x Days

by on Jun.13, 2009, under life, thoughts

This will be the second in my series of security topics from a non-security expert, I suppose. I just calls ’em hows I sees ’em.

As you may or may not know, I will be attending Valparaiso University this Fall as a Freshman. When I attended Valparaiso’s Freshman orientation program, they taught us a lot about their online systems. One thing I learned was that I will need to change my password every 185 days, and when I change it, it can’t be similar to whatever I had last time. The idea here is that this will be more secure, because hackers will never know your password for an extended period. However, I see a problem with this.

Forcing me to change my password to something completely different means forcing me to memorize a new password, something completely different, too. Now, personally, I don’t think this will be much of a problem, because I’m pretty good at memorizing things. However, if you aren’t that good at memorizing, this could cause a big problem: the urge to write down your password. As anyone could tell you, writing down a password immediately creates a security risk, because anyone could see it written on a piece of paper, or take the paper, etc. The safest place for a password is in your brain, and in your brain only.

So, is forcing users to change their password really more secure? For some people, I think it will help, but I think it’s a practice that could only hurt others. A better idea would be to enforce good password practice: have users create a nice, good length, password, containing at least one letter, number, capital letter, and special character. Want to go for more security? Force it to start and end with a letter. Don’t just let the user tack an exclaimation mark on an otherwise easy-to-guess password.

Overall, I don’t think there will ever be a formula for password security. There is no one end-all be-all tip I can give for keeping your password away from hackers. Perhaps forcing people to change their password every x days really does help security. But, I’d like to see some concrete proof of this before I believe it.

:, ,

1 Comment for this entry


    You are right in that changing passwords is a pain in the neck andif you think once every 185 days is a pain wiat until you enter the working world and its like multiple applications each with a password that must be cahnged every 30 days.

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...