GBM Poll: How Often Do You Change Your Password?
The other day I dropped a computer off at the local repair shop because it was under warranty. After verbally asking for my contact information and email address, the attending technician asked, “What’s the password on this machine?” I answered audibly, without considering who was around me. There were at least two other people within earshot. This made me wonder: among our GBM readers, how often do you change your password?
Many organizations and schools require that passwords be changed every few months. The local university where I’m taking graduate classes requires that passwords be changed every 180 days. The new password that you create cannot be any previous password that has been used. Like many, I’ve lately fallen into the trap of adding numbers onto the end of the same password.
Here are a few common-sense password tips to consider:
- Use different passwords for different web sites.
- Write down your password and store it in a safe, secure location.
- Change your password periodically.
- Do not use common words, phrases, dates, or names.
- Include and mix characters other than letters and numbers if possible.
- Never share your password via insecure communication methods.
- Share your password with nobody, not even in reply to emails that look official and demand you respond or else.
Check out Google’s Gmail password tips here. Yahoo e-mailers can check out Yahoo’s Security Center for password protection information. Hotmail users can check out these tips to create solid and secure passwords, as well as to set their passwords to expire every 72 days.
Social networking sites are not exempt from the same password problems. Here are a few resources to examine if you’re into the online social scene. The following sites provide a wealth of information, tips, and links to additional software that can help protect you while online:
What password tips do you suggest? Leave your password-securing expertise in the comments to help others fortify their information.
07/18/2009 at 10:23 am
I never change my password, and in fact it’s one of only a handful of accounts at work that I set to “never expire”. However, I should point out a few things:
1) I use 6 different passwords, depending on circumstances, and I have at least one variation of each to satisfy #2 (about 12 total)…
2) They ALL meet strong-to-very-strong complexity requirements.
3) They have little, if anything, to do with me, so they’re not guessable.
4) For sites that require password changes (that I can’t exempt myself from), I rotate through the 6 passwords and variations.
07/18/2009 at 10:28 am
The only time I ever change passwords is if I am required to by the system I am using or if I am having a TPC serviced. When I am giving up the TPC to service, I rename my passwords something simple like 2730p. Upon return, I go back to my normal passwords.
The reason I don’t change my passwords is that I use very long passwords. My router for instance is 50 random characters long. Good luck hacking that one. Of course now everyone knows to use only 50 characters :(. (I lied, it’s not 50) My other passwords are all very long too. I use a thumb drive with software that automatically enters the password for me. That drive is secured with a fairly long password of random characters – that is the only password I remember. It is locked up in a safe when not being used or with me. My system BIOS passwords are not too difficult and the same goes for Windows passwords. They are really easy to defeat anyway. But, I use TrueCrypt to hide my data. If you got past my dead-bolted door, alarm system, safe, me and my Glock .45, and then manage to figure out the password to my key, you deserve the info. On other systems such as school, I use my thumb drive if a password is needed and I don’t keep data or access my own password protected info. I get email on my phone, not a system that I don’t control.
07/18/2009 at 10:31 am
Really, you gave them your password? Was that a password unique to that machine?
When I have to turn in a machine for repair, I generally put a clean freshly reimaged drive in that doesn’t have any data or apps on it that aren’t needed. And my password then is ‘welcome’.
My real passwords I change rarely, but I use different passwords for different sites. And record them in SplashID, so I have them readily available on my personal machine or iPhone.
07/18/2009 at 11:17 am
Remove the HDD, it’s idiotic to give anyone your HDD, password or not.
07/18/2009 at 2:40 pm
07/18/2009 at 11:52 pm
You should never never never give anyone, not even a technician, a password.
I never ask for passwords when I repair machines…I don’t need them.
If he can’t repair your machine without your password, get another technician… or in rare cases, use a temporary vanilla password…
As for handing over a HDD to a computer geek/tech to repair…. I hope you trust him/her with that data. Always have a vanilla HDD to use for repair purposes. An old 10 Gig is all ya need.
07/19/2009 at 3:02 pm
I’ve got a few different passwords depending on the sensitivity of what I’m trying to protect. Better to hold onto a password and remember it forever than go through password reset procedures every couple of weeks because you can’t remember the passwords you’ve changed every 2 weeks for the 20 different websites and computers you use.
07/19/2009 at 6:31 pm
Repair Shop? I fix my own computers, lol
07/19/2009 at 6:39 pm
Great comments by all. @mrpacs: I agree. I usually fix my own problems, but not when something is covered under warranty and I don’t have to pay for anything!