India: We constantly use the Internet and web applications to make our lives easier. Almost all of these applications require login details such as a username and password. Most of the time the login username is quite common and visible to all; the password we give is not visible, but it is the credential that matters most for login.

Why changing your password is important

Changing your password is more of a precautionary feature than actual security. Theoretically, almost any password can be cracked; thus, even if your password is 'aod1937:#;/jwi6;(@6sk', it could be cracked. If someone has cracked it, they have access to what it's protecting. Changing your password ends their access: thus by changing it regularly you limit the time attackers have to do damage.

Regular password changes are notionally a good idea because they guarantee someone can’t acquire your password and use it to snoop on you over an extended period of time. However, regularly changing your password won’t help much.

If an attacker gains access to your accounts, they’ll most likely use their access to cause damage right away. If they gain access to your online banking account, they’ll log in and attempt to transfer money out rather than sit and wait. If they gain access to an online shopping account, they’ll log in and attempt to order products with your saved credit card information. If they gain access to your email, they’ll likely use it for spam and phishing, or attempt to reset passwords on other sites with it. If they gain access to your Facebook account, they’ll probably attempt to spam or defraud your friends immediately.

Typical attackers won’t hold onto your passwords for an extended period of time and snoop on you. That’s not profitable — and attackers are just after profit. You’ll notice if someone gains access to your accounts.

Password changes in response to specific events are a good thing, of course. It’s a good idea to change your passwords on websites that were vulnerable to Heartbleed but have now patched it. Changing your password after a website has its password database stolen is also a good idea.

If an attacker could gain access to the encrypted passwords, it would take her some time to brute-force them (at least theoretically). Forcing users to change their passwords regularly was meant to make that task futile. If it was estimated to take, let's say, 40 days to brute-force an 8-character password, making your users change it every 30 days would render the brute-forced password useless. Or at least that is what people thought some years ago.

Now, let's come back to the real world. First, brute-forcing passwords is pretty much useless per se: most passwords are not random but word-based, so a dictionary attack is much more efficient. Second, password-cracking software and hardware (such as GPU-based cracking) are growing exponentially, so the minimum length and complexity you should require of your users would grow each year, and with it the use of "lost my password". Third, forcing people to change their passwords so often makes them use time-based or sequence-based passwords, like mypassword-aug2014 or mypassword-7th-change, so the purpose behind the change is completely reversed: anybody could guess the next password in those cases, even if a year has passed.
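
One way a site could catch the sequence-based rotation described above, at the moment of a password change when the user submits both the current and the new password in cleartext. This is an added example, not code from the article; the token lists, function names and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Tokens people bump on each forced change. Assumed lists, not from the article.
MONTHS = {"jan", "feb", "mar", "apr", "may", "jun", "jul", "aug", "sep", "sept",
          "oct", "nov", "dec", "january", "february", "march", "april", "june",
          "july", "august", "september", "october", "november", "december"}
ORDINALS = {"st", "nd", "rd", "th"}
FILLER = {"change"}


def skeleton(password: str) -> str:
    """Return the part of a password that survives a date/counter bump."""
    kept = []
    prev_was_number = False
    for tok in re.findall(r"[a-z]+|\d+", password.lower()):
        is_number = tok.isdigit()
        rotating = (
            is_number
            or tok in MONTHS
            or tok in FILLER
            or (prev_was_number and tok in ORDINALS)  # the "th" in "7th"
        )
        if not rotating:
            kept.append(tok)
        prev_was_number = is_number
    return "".join(kept)


def is_predictable_rotation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True if `new` is `old` with only date, counter, case or punctuation changed.

    threshold is an assumed cut-off for "same base word".
    Two empty skeletons (only digits or dates in both) compare as 1.0.
    """
    ratio = SequenceMatcher(None, skeleton(old), skeleton(new)).ratio()
    return ratio >= threshold


if __name__ == "__main__":
    # Constructed pairs built from the article's own example passwords.
    for old, new in [
        ("mypassword-aug2014", "mypassword-sep2014"),
        ("mypassword-6th-change", "mypassword-7th-change"),
        ("mypassword-aug2014", "aod1937:#;/jwi6;(@6sk"),
    ]:
        print(f"{old!r} -> {new!r}: reject={is_predictable_rotation(old, new)}")
```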

How important is it to change your password regularly?

A WWW-site guided me to change the password regularly. Should I believe what they say, if my current password is a long enough random string?

About The Author

Chetan Sharma is an Indian fact-checker and news writer, writing news for Ayupp since 2014.
