
Time to rethink your approach towards password change


By Paul Ducklin, principal research scientist, Sophos

Until a few years ago, the standard advice was to change passwords on a regular and frequent basis, simply because it was possible. The idea was to reduce the length of time you’d be exposed if your password were breached, since passwords provide the first line of defense for your personal and business devices.

Are password resets needed at all?

By all means, change your passwords whenever you like if you want to – and if you use a password manager, it’s easy to do just that.

But the only time you should feel compelled to change a password is when there is a clear and obvious reason to do so, and that’s if you think – or, worse still, know – that it might have been compromised.

Fortunately, in many or most recent data breaches (not all) where authentication data gets stolen, the crooks don’t end up with your actual password along with your login name.

Passwords usually are – or certainly should be! – stored in a hashed form, where the hash can be used to verify that a supplied password is correct, but can’t be wrangled backwards to reveal what the password was. As a result, most password exposures that arise from data breaches require that the crooks first crack your password by trying a long list of guesses until they find one that matches your password hash.


Simply put, the longer and more complex your password, the longer it will take for the crooks to crack it. They try the most obvious passwords first, so 123456 will probably be the very first one they try for each user; Pa55word! might be the 100,000th on their list; but they are unlikely to get round to trying VFRHFMNOLR5LAIVGDOW5UZRT for days, or months, or even years.
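The storage scheme and guess ordering described above, as an added Python sketch that is not part of the original article: only a salt and a slow hash are stored, and the stored hash is checked against a guess list ordered most-obvious-first. The PBKDF2 work factor, the four-entry guess list and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Re-hash the supplied password with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

def guesses_needed(salt, digest, guess_list):
    """1-based position of the first guess that verifies, or None if none does."""
    for position, guess in enumerate(guess_list, start=1):
        if verify(guess, salt, digest):
            return position
    return None

# Constructed guess list, most obvious first, mirroring the ordering in the article.
GUESS_LIST = ["123456", "password", "qwerty", "Pa55word!"]

def audit(passwords):
    """Map each password to the number of guesses that expose it from its hash alone."""
    result = {}
    for pw in passwords:
        salt, digest = hash_password(pw)
        result[pw] = guesses_needed(salt, digest, GUESS_LIST)
    return result

if __name__ == "__main__":
    samples = ["123456", "Pa55word!", "VFRHFMNOLR5LAIVGDOW5UZRT"]
    for pw, n in audit(samples).items():
        print(pw, "->", n if n else "not on the guess list")
```

A real guess list runs to millions of entries, but the outcome is the same: a password that appears on it falls at its list position, and one that does not stays protected by the hash.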


In other words, if a service provider notifies you that your password hash was acquired by crooks, you’ll nevertheless remain safe if you change your password before the crooks get round to cracking it.

Even if the breach happened weeks or months ago, you’re probably still in a good position to beat the crooks to it, assuming you chose wisely in the first place – and if you use a password manager, it’s easy to do just that.

How quick are we?

A paper entitled (How) Do People Change Their Passwords After a Breach? that came out recently from Carnegie Mellon University in the US reveals that a worrying number of us aren’t quick at all. The researchers found that very few of their participants reported intentions to change passwords after being notified that their passwords were compromised or reused, in some cases because they believed in the “invincibility” of their passwords.

How good are we?

Disappointingly, even for the one-third who did change the relevant password, most took more than three months to get around to it, and many of those replaced their old passwords with weaker ones.

Even more intriguingly – though perhaps, with hindsight, not surprisingly – the researchers claim that those who did change passwords tended, on average, to pick a replacement that was more similar than before (measured by substring similarities) to all their other passwords.

In short, humans really aren’t good at randomness – but then, they aren’t very good at reacting to data breach advice either.

What to do?

  • Don’t delay, do it today

If there’s a valid reason to change one of your passwords, do it right away. This will keep you ahead of the crooks.

  • Avoid taking shortcuts

Choose quality passwords. Crooks will spot any tricks or patterns you use in order to make your passwords different yet similar enough to remember easily. If you have u64b2vqtn5-fb for Facebook and u64b2vqtn5-tw for Twitter, the crooks will figure out the rest of your passwords with ease. 

  • You are not invincible

The crooks probably won’t crack your password if it’s 6GHENBIZMX3TTUHJTPQZTEKM, but why take the risk that they might?

  • 2FA as an excuse won’t help

Don’t use 2FA as an excuse to choose a trivial password or to use the same one everywhere – it’s meant to be a second factor, not just a different sort of single factor.
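For the "Avoid taking shortcuts" tip, an added Python sketch (not part of the original article) that audits your own set of passwords for shared patterns and generates unrelated replacements. Longest common substring is used here as one simple substring-similarity measure and is not claimed to be the metric the researchers used; the function names, the site labels and the four-character threshold are assumptions.

```python
import base64
import secrets
from itertools import combinations

def longest_common_substring(a, b):
    """Longest run of characters that appears contiguously in both strings."""
    best = ""
    prev = [0] * (len(b) + 1)
    for i, ca in enumerate(a, start=1):
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, start=1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                if cur[j] > len(best):
                    best = a[i - cur[j]:i]
        prev = cur
    return best

def find_patterned_pairs(vault, min_shared=4):
    """Return (site, site, shared_part) for every pair of passwords that
    share a substring of at least min_shared characters."""
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        shared = longest_common_substring(p1, p2)
        if len(shared) >= min_shared:
            findings.append((s1, s2, shared))
    return findings

def random_password(n_bytes=15):
    """15 random bytes from the OS CSPRNG, base32-encoded: 24 characters, 120 bits."""
    return base64.b32encode(secrets.token_bytes(n_bytes)).decode()

# Passwords quoted in the article; the site labels are assumed for the example.
VAULT = {
    "facebook": "u64b2vqtn5-fb",
    "twitter": "u64b2vqtn5-tw",
    "bank": "6GHENBIZMX3TTUHJTPQZTEKM",
}

if __name__ == "__main__":
    for s1, s2, shared in find_patterned_pairs(VAULT):
        print(f"{s1} and {s2} share {shared!r}: replace both")
    print("unrelated replacement:", random_password())
```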
