Why you should change your password every 90 days

Alex Ortiz
5 min read · Jan 15, 2021

In this article, we are going to talk about the good and the bad of changing your password every 90 days. How often do you change your password? Some folks use the same password for years. Others wait until they either forget their password or are forced to change it by the service they are trying to access. If you work somewhere with a solid security policy in place, you are probably changing your password every 90 days. Why 90, and why should you consider changing your password often? Keep reading, and we’ll discuss various reasons why you should or shouldn’t consider frequent changes of your password.

Passwords are susceptible to all kinds of attacks. If you haven’t read my article on password attacks, or listened to my podcast episode where we go into more detail, I highly recommend you check either out! I’ll highlight some of the topics discussed in that article/episode, but for full details, make sure to give that article/episode some love.

If you work at a company that takes security VERY seriously, then you’ve probably had to change your password every 90 days. Not only do you have to change your password every 90 days, but you can’t reuse an old password, and you always have to meet the minimum criteria for a strong and secure password. This is a very good security policy, but like everything in cyber security, it isn’t going to make you immune to an attack. As long as there are people wanting to do malicious things, you’ll always have to be adapting and improving. While it may be an inconvenience to have such stringent rules, there are some benefits to changing your password every 90 days. But like everything else in life, there are some downsides as well. So, let’s look at the good and the bad next.

Why password expiry is good

Let’s start off by talking about the good stuff. Changing your password often is a good thing. It can protect you from being exposed in case your existing password has been compromised. If someone gains access to a website that may contain your password, it might not matter anymore because you would have already changed your password.

Another benefit of changing your password is that if you accidentally stored your credentials on a different device, that device will no longer have access to your account. This is a good thing because oftentimes we forget where we logged into accounts. By changing your password frequently, you minimize the chances of someone else logging into your account without you knowing.

As a side note, and not related to the topic of this article, a good way to find out if someone has your password or login information is to check the login history on your account. Some accounts like Gmail and Facebook have a setting that allows you to see every time someone logs into your account. Review it, and if you notice a location where you weren’t personally, then you should immediately change your password because there’s a high chance that someone is logging into your account. Let me know in the responses section below if you’d like me to write an article showing you how to do just that!

Changing your password often also means that it breaks all those saved passwords that you stored in the browser. If you haven’t read my article about why it’s not a good idea to store your password in the browser, make sure you read that article as well, as I go into more detail on why this is a bad idea. Nonetheless, if you change your password, you’ll be required to update your saved password. If you don’t have access to a device where you might have saved your password, then that password will no longer work and people with access to that device will not be able to access your account.

Those are some of the reasons why it’s a good thing to change your password. Essentially, by changing your password often, you become a moving target. You have to remember that folks who are out there hacking people tend to be lazy individuals. If they have to put in some effort to hack you, they might just move on to the next person in hopes that they are an easier target. However, if a person really wants to do some damage to you personally, changing your password will not be your only solution. You’ll have to do many other things to keep yourself safe. Let’s talk about some of the drawbacks of changing your password often.

Why password expiry is bad

We are creatures of habit. Maintaining a password that is safe and secure is already hard enough. Now, imagine you need to make a unique password every 90 days. That’s a lot of different passwords. So, what do humans like to do to make things easier? They’ll make a pattern out of their passwords so they are easier to remember after each change. This is a bad idea because if an attacker gets access to an old password, they can try to figure out your pattern and then figure out your new password(s).
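To make the pattern problem concrete, here is an added example (not the author's code) of a check a password-change form could run to reject exact reuse and predictable variations of the current password. The function names, the 0.8 similarity threshold and the sample passwords are assumptions made for illustration.

```python
import hashlib, hmac, os, re
from difflib import SequenceMatcher

def hash_pw(pw: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def base_word(pw: str) -> str:
    # Drop digits, symbols and case so "Summer2020!" and "summer2021?" compare equal.
    return re.sub(r"[^a-z]", "", pw.lower())

def is_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is a predictable edit of `old` (counter bump, year change, suffix)."""
    if base_word(old) and base_word(old) == base_word(new):
        return True
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold

def check_change(current: str, new: str, history: list) -> str:
    """Return "ok", "reused" or "variation" for a password change request.

    `current` is the password the user just typed into the change form, the only
    old password available in plaintext. `history` holds (salt, hash) pairs, so
    older passwords can only be checked for exact reuse.
    """
    if new == current:
        return "reused"
    for salt, digest in history:
        if hmac.compare_digest(hash_pw(new, salt), digest):
            return "reused"
    if is_variation(current, new):
        return "variation"
    return "ok"

# Constructed sample data: two earlier passwords kept only as salted hashes.
HISTORY = []
for old in ("Spring2020!", "Summer2020!"):
    salt = os.urandom(16)
    HISTORY.append((salt, hash_pw(old, salt)))

if __name__ == "__main__":
    for candidate in ("Spring2020!", "Fall2021!", "plum-radio-kettle-visit"):
        print(candidate, "->", check_change("Fall2020!", candidate, HISTORY))
```

Because older passwords exist only as hashes, a variation of a password from two changes ago cannot be detected this way; the similarity check covers only the password being replaced.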

Another reason related to the first one is that when you have to change your password often, you have difficulty remembering what you changed it to. So, naturally folks will tend to write them down or make them super simple because they are easier to remember. Thus changing your password often creates bad password habits. These bad habits can make you vulnerable to an attack because you let your guard down.

Other than that, there really are no excuses for changing your password often.

You should change your password at a minimum once a year. Especially for critical accounts such as your bank account, you need to really consider changing your password often. If you ever receive an email saying that they have your password and you use that password on any website/account today, you need to update your password immediately.

Hope you enjoyed this article. Please don’t forget to hit that clap button and feel free to leave a response. Thanks and have a great day!
