Change your password, nevertheless! - Password security Part II

Let’s face it. Hackers are almost always ahead of you. But then, so are burglars and petty thieves. To give you a simple analogy, research has proven that an unalarmed property is 5 times more likely to get burgled than an alarmed one! Similarly, you are better protected online when you have tough password control.

One tried and tested technique for tighter password security is to change your password regularly. Now, a lot of people suggest that this is pointless, and that a hacker will use your information as soon as they have your password. Well, this may be true in some cases, but certainly not in all.


Think of a non-financial account containing confidential information - Facebook, Twitter, even your Driving License online account? It is super easy for a fraudster to impersonate you if they get hold of such account details. Typically, he/she won’t necessarily use the information immediately but might wait for the right time! 

Let’s take a look at more such situations where you would benefit hugely by changing your password regularly:

•    Lost/stolen devices – You’ve been accessing your bank account, medical records and work-related emails on a device that has just been stolen! Now, unless you’ve set up automatic erasing or invalidating of passwords stored on such a device, you’re likely to be in big trouble!

•    Your employees have unrestricted VPN access and complete information on the passwords to shared drives. One of them leaves and joins a competitor. How safe do you think it is not to have bothered changing the password at that point?

•    You access your work email on a laptop, tablet or any device that has been shared with your ex. Quite unlikely, but is it worth the risk of not having changed the password?

•    You are working from home, and your teenager accidentally accesses your emails or work and unintentionally posts something to social media. Quite dramatic that, but there is always a slim chance that it could actually happen!


•    An easy one – you’ve quickly checked your bank balance in a public space, a café, etc. You never visit that place again, but you’ve left enough information for someone to hack into your account at a later date. Of course, the hacker might have a good laugh on seeing your bank balance, but why take that risk?


•    You’ve left your Google+ open, and a hacker decides to impersonate you and/or misuse your photo albums, your contacts and more! *shudder*

•    This might make you uncomfortable, but there are known to be some snoop-friendly sites that actually allow hackers to listen. Who might like to ‘listen’? An ex-boyfriend, tabloid, non-financial interested parties and so on.

So what should you do to thwart hackers?

•    Change your password regularly:
Why wait for your account to be compromised? It is certainly safer to change your password regularly. That way, even if it falls into wrong hands, at least there is a chance that you’ve changed it before it gets used/misused. And this is relevant to any kind of account that you might own – bank account, work emails, network password, etc.


•    Keep it unpredictable:
Changing your password is great, but remember, you do need to make it unpredictable. There is little use in incrementing the name or number in your password every time you change it, for example ‘Password_001’, ‘Password_002’, ‘Password_003’ and so on. Someone who gets hold of one password can very easily work out the rest!


•    Using variants:
To add to the unpredictability, change your password, but do use variants for different accounts. For instance, your bank account password could be MSAI9YO (My Son Adam Is 9 Years Old), while your LinkedIn password could be $uper!1Ace or something just as random. Make the game as tough as you can! 


•    Categorise high-risk accounts:
The password for a relatively low-risk account, for example your blog or an online shopping rewards account (without any credit card details), need not necessarily be changed as frequently as that of a high-risk account.


•    Similarly, categorise high-risk users:

Again, the password for a low-risk user account (e.g., a client who has no access to anything except placing an order, without entering any financial information) need not be updated all the time. However, a high-risk account, for example that of someone who manages the company budget, who approves expense claims, who places huge supplier orders on the system, or who manages the IT network, clearly stands to lose more if it were compromised. It is necessary to regularly update the passwords for these accounts!


•    Counter poor verification:
If the website you are accessing does not have strong two-step verification, it is vital that you change your password regularly to reduce the risk posed by the poor verification process.
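
The ‘Keep it unpredictable’ advice above can be enforced at the password-change form, where the old and new passwords are both in hand. The following Python check is an added example, not part of the original article; the function names, the substitution table and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed (not exhaustive) table of common character substitutions.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})

def split_counter(password):
    """Split 'Password_001' into ('Password_', 1); counter is None if absent."""
    m = re.fullmatch(r"(.*?)(\d+)", password, flags=re.S)
    if m:
        return m.group(1), int(m.group(2))
    return password, None

def normalise(password):
    """Lower-case, undo simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))

def predictable_change(old, new, threshold=0.8):
    """Return a reason if `new` is guessable from `old`, else None."""
    if old == new:
        return "unchanged"
    old_stem, old_n = split_counter(old)
    new_stem, new_n = split_counter(new)
    # 'Password_001' -> 'Password_002', or 'Summer' -> 'summer1'
    if (old_stem and old_stem.lower() == new_stem.lower()
            and (old_n is not None or new_n is not None)):
        return "same stem, counter changed"
    a, b = normalise(old), normalise(new)
    if a and b:  # skip passwords with no letters left to compare
        if a == b:
            return "same word after case/substitution folding"
        if SequenceMatcher(None, a, b).ratio() >= threshold:
            return "too similar to previous password"
    return None

if __name__ == "__main__":
    # Constructed sample pairs (old, new); the last pair reuses the
    # two unrelated example passwords from the article.
    samples = [("Password_001", "Password_002"),
               ("Tuesday!", "tu3sd4y"),
               ("MSAI9YO", "$uper!1Ace")]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {predictable_change(old, new) or 'ok'}")
```

The comparison needs the old password in clear text, which a site only has at the moment the user types it in to authorise the change; stored passwords should remain hashed.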

To summarise, a hacker might not use your information immediately. They could bide their time, they could ‘simply listen’, they could even impersonate you over a period of time. Also, your accounts aren’t just financial. As discussed above, there is a plethora of information about you online, which could be misused if it falls into the wrong hands. While it might not involve money, you could stand to lose just as much, or even more, if someone decides to snoop on your account or simply decides to repeat an earlier fraud, knowing that you were unlikely to change your password in the first place!


So yes, it is a pain to keep changing your passwords regularly across different sites, but it’s an effort worth making!


Go ahead, make a simple strategy to keep on top of your passwords regularly and toughen the game for hackers and their clan!