
Episode 11: How to Minimize Your Chances of Getting Hacked!

2020/11/18

Cyber Security For All


Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: [email protected]

Twitter: @apetechda

In this episode, we are going to talk about the good and the bad of changing your password every 90 days.

Passwords are susceptible to all kinds of attacks.  If you haven’t listened to our first episode, I recommend you listen to that episode first. We’ll highlight some of the topics discussed, but for full details, make sure to give that episode a listen.  If you work at companies that take security VERY seriously, then you’ve probably had to change your password every 90 days.  Not only do you have to change your password every 90 days, but you can’t reuse an old password, and you always have to meet the minimum criteria for a strong and secure password.

While it may be an inconvenience to have such stringent rules, there are some benefits to changing your password every 90 days.  But like everything else in life, there are some downsides as well.  So, let’s look at the good and the bad in this episode.

Why password expiry is good

Let’s start off by talking about the good stuff.  Changing your password often is a good thing.  It can protect you from being exposed in case your existing password has been compromised. If someone gains access to a website that may contain your password, it might not matter anymore because you would have already changed your password.

Another benefit of changing your password is that if you accidentally store your credentials on a different device, that device will no longer have access to your account.  This is a good thing because oftentimes, we forget where we logged into accounts.  By changing your password frequently, you minimize the chances of someone else logging into your account without you knowing.

As a side note, and not related to the topic of this episode, a good way to find out if someone has your password or login information is to check the login history on your account.  Some accounts like Gmail and Facebook have a setting that allows you to see every time someone logs into your account.  Review it and if you notice a location that isn’t one where you were personally, then you should immediately change your password because there’s a high chance that someone is logging into your account.

Changing your password often also means that it breaks all those saved passwords that you stored in the browser.  If you haven’t listened to our previous episode about why it’s not a good idea to store your password in the browser, make sure you listen to that episode as we go into more detail on why this is a bad idea.  Nonetheless, if you change your password, you’ll be required to update your saved password.  If you don’t have access to a device that you might have saved your password on, then that password will no longer work and people with access to that device will not be able to access your account.

Why password expiry is bad

We are creatures of habit.  Maintaining a password that is safe and secure is already hard enough.  Now, imagine you need to make a unique password every 90 days.  That’s a lot of different passwords.  So, what do humans like to do to make things easier?  They’ll make a pattern out of their passwords so they are easier to remember after each change. This is a bad idea because if an attacker gets access to an old password, they can try to figure out your pattern and then figure out your new password(s).
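
One way a password-change form can catch the pattern habit described above, as an added example that is not from the podcast: it compares the proposed password with the current one the user has just typed in and reports predictable variants. The function names, the character-swap table and the 4-character threshold are assumptions chosen for illustration, and the sample passwords are constructed.

```python
import re
from typing import Optional

# Character swaps people commonly use when "changing" a password (assumed table).
SWAPS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t"})

def skeleton(password: str) -> str:
    """Base word of a password: drop leading/trailing digits and symbols
    (the part usually rotated), lowercase, undo common character swaps."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(SWAPS)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def rotation_pattern(old: str, new: str, min_changes: int = 4) -> Optional[str]:
    """Return why `new` is a predictable variant of `old`, or None if it is not."""
    if old == new:
        return "identical"
    if old.lower() == new.lower():
        return "case change only"
    base_old, base_new = skeleton(old), skeleton(new)
    if base_old and base_old == base_new:
        return "same base word"
    shorter, longer = sorted((base_old, base_new), key=len)
    if len(shorter) >= 4 and shorter in longer:
        return "base word reused"
    if edit_distance(old, new) < min_changes:
        return "too few characters changed"
    return None

if __name__ == "__main__":
    # Constructed sample pairs (current password, proposed password).
    samples = [("Summer2020!", "Summer2021!"), ("P@ssw0rd1", "Password2"),
               ("Dragonfly77", "MyDragonfly#2021"), ("xK9#mQ2$vL", "xK9#mQ2$vR"),
               ("Summer2020!", "velvet-Otter-93-kiosk")]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_pattern(old, new) or 'accepted'}")
```

The comparison only needs the current password as typed during the change, so nothing has to be stored in readable form for it to work.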


Support this podcast: https://podcasters.spotify.com/pod/show/apetech/support