Password security is of utmost importance today. After all, if a hacker discovers one of your passwords, they can easily access your account and cause problems. The danger grows if you reuse the same passwords; hackers will often try the same login information across multiple websites and applications to figure out how many accounts they can gain access to. Thus, it is extremely important to know how to create a strong password as well as to use multi-factor authentication (MFA) in case one of your passwords does become compromised. While creating a long and complex password and enabling MFA help to create a strong foundation for your personal cybersecurity, there is another often overlooked tip that should be kept in mind when it comes to password security: changing your password. But, when exactly should you be changing your password?

First, before knowing when to change your password, it is important to note that simply adding a new character to the end or beginning of your password is not enough when it comes to “changing” it; you should strive for an entirely new password that is just as robust as your previous one, or more so. This is because hackers will often try passwords that are similar to ones they have obtained. For example, if your password was “password1” (which is a horribly insecure password), a hacker may also try “password2”, “password3”, “Password1”, and other similar passwords when attempting to get into your account.
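The following is an added example, not part of the original article: a check a password-change form could run to reject a new password that is only a small variation of the old one. The function names, the edit threshold, and the sample passwords are assumptions chosen for illustration.

```python
import re

# Assumed threshold: after normalization, a new password within this many
# single-character edits of the old one is treated as "not really changed".
MAX_EDITS = 2
# Assumed minimum core length before a containment match counts.
MIN_CORE = 4


def normalize(password: str) -> str:
    """Lowercase and strip leading/trailing digits and symbols, so that
    'Password1', 'password2' and '1password!' all collapse to 'password'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def is_too_similar(old: str, new: str) -> bool:
    """Return True if `new` is just a variation of `old`."""
    old_n, new_n = normalize(old), normalize(new)
    if not old_n or not new_n:
        # Nothing but digits/symbols: fall back to comparing the raw strings.
        return edit_distance(old.lower(), new.lower()) <= MAX_EDITS
    # One core word embedded in the other (e.g. 'password' in 'mypassword').
    if min(len(old_n), len(new_n)) >= MIN_CORE and (old_n in new_n or new_n in old_n):
        return True
    return edit_distance(old_n, new_n) <= MAX_EDITS


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["password2", "Password1", "passw0rd1", "violet-kettle-orbit-47"]:
        print(candidate, "rejected" if is_too_similar("password1", candidate) else "accepted")
```

A real service stores only password hashes, so a check like this can only run at change time, while the user has just typed both the old and the new password.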

After 30-90 Days

Many companies enforce a password change policy that requires employees to change their password every so often. However, the required interval varies, and online sources recommend different lengths of time. Theoretically, the more often you change your password, the more your security increases, but in reality, this is not feasible or practical. The general consensus is to change your password as often as every 30 days, or monthly. However, some instead prefer to change their passwords in increments of 45 or 60 days, while others have settled on 90 days, making password changes a quarterly requirement.

Thus, it is recommended to adopt one of these four schedules (30 days, 45 days, 60 days, or 90 days) to help increase the security of your accounts, selecting whichever schedule best suits your preferences. At the bare minimum, however, you should change your password yearly.

After a Data Breach or Hacking Attempt

Many companies will report data breaches or hacking attempts to their customers. If you receive notification that a company you have an account with may have had its data breached, that is a sure sign to change your password immediately. However, it is extremely important to change your password on the company website itself and not to use any links that may have come with the data breach notification. Hackers sometimes send out fake data breach messages as a means of phishing in an attempt to steal your data.

Similarly, if you do utilize that account’s password for other accounts, make sure to reset the passwords of those accounts as well (and don’t reuse your password again)!

After a Phishing Scam

Unfortunately, even if you try to be as secure as possible and employ many cyber hygiene practices, it is still possible to fall victim to a phishing scam. If you believe you have fallen victim to a phishing scam, then the time is right for changing your password. It does not matter if you know for certain whether you were a victim or not; simply having the suspicion is grounds for a password change. That way, in the event that you were a phishing victim, you may be able to mitigate the damage a hacker can do with your account. Of course, if you only received the email or text message but did not open it or click any links, then your password should be safe, but if changing it will make you feel more secure, then do so!

After Suspicious Activity or Log-In Attempts on Your Account

Many accounts provide the option of an email notification when a log-in attempt, successful or otherwise, is made. If you receive one of these notifications and did not make this log-in attempt, then it is prime time to change your password! Similarly, if you notice strange activity on your account, then it may also be time to change your password. Perhaps your username or profile photo keeps changing, you keep finding strange posts that you did not make, or other changes have been made that you do not recall making. Each of these scenarios can warrant a password change, since someone may have gained access to your account.

After Logging In to a Public Device

It is not uncommon for someone to log into their accounts on public computers at hotels or libraries, but these public devices inherently come with some risks. Not only could the device itself have keylogger software installed on it that will steal your information, but it is possible that you may simply forget to log yourself out. Either way, if you log into one of your accounts on a public device, then make sure to change your password the next time you can utilize your own private device. That way, you can minimize the risk of using a public device.

After Someone Discovers Your Password

Finally, if someone discovers your password, then it is likely time for a change. Perhaps you are logging into your account at the office and one of your coworkers is standing just a little too close to you, enabling them to see your password as you type (this is known as “shoulder-surfing”). Maybe you keep your passwords written down on a piece of paper, and one of your siblings discovers it one day (of course, you should not keep your passwords written down, but if you do write them down, make sure they are kept in a secure location and not simply under the keyboard!). Or, maybe you told someone your password so they could use your account, but now you want to revoke their access (such as with a movie or TV show streaming service). If someone (friend, relative, significant other, or coworker) discovers your password, then the security of your account can be put at risk. All of these scenarios, and plenty more like them, are good reasons to change your password.
