It’s common practice to change your passwords every 6 months or once a year.
The only problem is that people leave this until the last minute, or never do it at all, because it’s a hassle to keep changing passwords and irritating to have to remember a NEW one all the time.
I am not advocating that you keep the same passwords for 5 to 10 years, but maybe we can be a bit lax and change our passwords once every 3 years instead?
I used to work for a corporation that made us change our passwords every 4 months. That was hell on Earth because we had 15 different passwords on different schedules with different requirements (8 letters, numbers only, letters only, etc.), and each time the prompt to change our email password came up, I had to go through ALL of the passwords I could remember for all the different sites I logged into and change them too!
Here’s my current password strategy, which I think is manageable enough to remember without having to look anything up, yet secure enough to handle 90% of the problems out there.
Naturally, if someone is really determined to hack into your accounts, and they’re little geniuses, there’s not much you can do. It happens to the best of us, but this will foil about 90% of attackers.
Have 5 passwords
First password for all generic sites like newspaper sites you log in to read, or things that aren’t linked to your bank account and/or identification other than your ID.
Second password for sites that have a bit more of a tie to your banking or other secure information such as your telephone number or address. I’m saying things like Amazon, Networking websites (LinkedIn or Facebook), Etsy and so on.
Third password strictly for banking sites such as ING Direct or investment accounts. Don’t ever use this password for anything other than banking or investing. Period.
Fourth password JUST for your email and/or Blogger (if you blog). I have a separate one just for email because I don’t want to use my banking password, or anything less secure like my LinkedIn or Facebook one. Getting hold of your email is deadlier than getting into your Amazon account, because you can always cancel the Amazon account and report a break-in. With an email account it’s a lot harder, and all of your sensitive emails and documents are at risk.
Fifth password that is your deadliest one. I am talking Upper case, Lower case, numbers, characters, the whole mix. I have one totally memorized for this but I barely get a chance to use it because a lot of sites don’t allow special characters like “?” or “#”.
Come up with a good combination for all 5
This is an example of the most commonly used passwords and their areas (Campus, Business, Residence)
I admit to having used a couple of these, but not for my personal accounts.
Don’t pick full words if you can. Or if you do, make them really random words, or half words that only mean something to you. I wouldn’t worry so much about the complexity of these passwords for the very low security sites that you don’t care about and just read newspapers on.
Do not use words or phrases that have personal significance.
Don’t pick easy-to-remember things like “caleysdad” or anything so simple that it could be cracked with a little ingenuity.
Go for an 8-character combination of numbers and letters.
Mix the numbers and letters. I usually do something like:
Two numbers, Three letters, Number, Letter, Number
12abc3d4
Don’t put in uppercase anything, leave it all lowercase, and if a site happens to ask for an uppercase letter, then just make the first letter uppercase and make a note of that quirk somewhere. But don’t change the password entirely just to put in an uppercase letter.
You can also derive a random-looking password by typing a word with your fingers shifted one or two rows up the keyboard. Muffles becomes: j7rro3s
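The two tricks above, the digit/letter pattern and the keyboard-row shift, written out as an added example (not code from the original post), together with the search-space arithmetic a defender would want next to any fixed pattern. The `NNLLLNLN` template encoding, the QWERTY row table and the function names are this example's own assumptions. One thing the code makes visible: a consistent one-row shift turns the final "s" of Muffles into "w" (j7rro3w), so the post's j7rro3s keeps its last letter as typed.

```python
import math
import secrets
import string

# Template alphabet: N = one digit, L = one lowercase letter (encoding assumed by this example).
ALPHABETS = {"N": string.digits, "L": string.ascii_lowercase}

# The post's pattern "Two numbers, Three letters, Number, Letter, Number", e.g. 12abc3d4.
PAGE_PATTERN = "NNLLLNLN"

# QWERTY rows top to bottom; "one row above" means the key at the same index in the previous row.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def generate_from_pattern(pattern: str) -> str:
    """Fill a template such as 'NNLLLNLN' using the OS CSPRNG (secrets), not random.random."""
    return "".join(secrets.choice(ALPHABETS[slot]) for slot in pattern)


def matches_pattern(candidate: str, pattern: str) -> bool:
    """True when candidate has the template's length and every position is from the right alphabet."""
    return len(candidate) == len(pattern) and all(
        ch in ALPHABETS[slot] for ch, slot in zip(candidate, pattern)
    )


def pattern_search_space(pattern: str) -> int:
    """Number of distinct strings the template can produce (an attacker's worst-case guess count)."""
    size = 1
    for slot in pattern:
        size *= len(ALPHABETS[slot])
    return size


def pattern_bits(pattern: str) -> float:
    """Entropy in bits when the attacker knows the template but not the random picks."""
    return math.log2(pattern_search_space(pattern))


def shift_rows_up(word: str, rows: int = 1) -> str:
    """Re-type word as if each key were `rows` rows higher on a QWERTY keyboard.

    Keys with nothing at the same index in the target row (or already on the top row)
    are left unchanged; the result is lowercase because the rows are defined in lowercase.
    """
    out = []
    for ch in word.lower():
        shifted = ch
        for row_index, row in enumerate(QWERTY_ROWS):
            if ch in row:
                target = row_index - rows
                pos = row.index(ch)
                if target >= 0 and pos < len(QWERTY_ROWS[target]):
                    shifted = QWERTY_ROWS[target][pos]
                break
        out.append(shifted)
    return "".join(out)


if __name__ == "__main__":
    print("sample from pattern:", generate_from_pattern(PAGE_PATTERN))
    print("12abc3d4 fits pattern:", matches_pattern("12abc3d4", PAGE_PATTERN))
    print(f"search space: {pattern_search_space(PAGE_PATTERN):,} (~{pattern_bits(PAGE_PATTERN):.1f} bits)")
    print("Muffles shifted one row up:", shift_rows_up("Muffles"))
```

The arithmetic is the caveat: once the layout is known, the 8-character pattern has 10^4 x 26^4 = 4,569,760,000 possibilities, about 32 bits. That is plenty against a login page that throttles guesses, and very little against an offline attack on a leaked password hash, which is why the post reserves it for the low-value sites.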
For your fifth password, make it at least 8 characters long (not less than 6) and a mix with special characters (#, @, etc) and an uppercase letter or two and find a good way to remember.
Use a sentence if it helps. e.g. “I have 2 dogs called Rover and Fido” gives: Ih2dcRaF
And use punctuation to your advantage. To incorporate a colon into the previous example as your special character, remember the sentence as “I have 2 dogs: Rover and Fido”, which would give: Ih2d:RaF
Use other things to help you remember your password, like the street you grew up on and your first pet, or something from your past that’s hard to guess; put a number sign between them and substitute numbers for some of the letters (l33tspeak comes to mind).
Examples you can use:
A = @
O = 0
I = 1
E = 3
F = 4
S = 5
G = 6
L = 7
B = 8
For example: Marie grew up on Ocean Avenue, and her first pet was Muffles. The password would be: 0c3@n#muffl35
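Both derivations for the fifth password, the sentence acronym (with its punctuation kept) and the l33tspeak table, as an added example that is not part of the original post, followed by the check a password policy can run against them. The substitution table and the sample inputs are the post's own; the function names, the `only` parameter and the small word list are this example's assumptions. Note that the post's 0c3@n#muffl35 substitutes only o, e, a and s and leaves f and l as typed, which is what `only="oeas"` reproduces. The last function goes one step beyond the post: it undoes the table and looks the result up in a word list, which is how a system that is "wise to" the substitution rejects d0gf00d.

```python
import re
from typing import Optional

# The post's substitution table (letters -> digits/symbols).
LEET_TABLE = {"a": "@", "o": "0", "i": "1", "e": "3", "f": "4", "s": "5", "g": "6", "l": "7", "b": "8"}
# Reverse map used by the policy check to undo the substitutions.
UNLEET_TABLE = {v: k for k, v in LEET_TABLE.items()}

# Constructed mini word list standing in for a real dictionary (assumption of this example).
SAMPLE_WORDLIST = {"ocean", "avenue", "muffles", "dogfood", "dog", "food", "password"}


def acronym(sentence: str) -> str:
    """First character of each word; digits count as words and punctuation stays attached.

    'I have 2 dogs: Rover and Fido' -> 'Ih2d:RaF', as in the post.
    """
    parts = []
    for token in sentence.split():
        head = token[0] if token[0].isalnum() else ""
        trailing = re.search(r"[^0-9A-Za-z]*$", token).group(0)  # e.g. ':' in 'dogs:'
        parts.append(head + trailing)
    return "".join(parts)


def leet(text: str, only: Optional[str] = None) -> str:
    """Apply the post's table to lowercase text; `only` restricts which letters are substituted."""
    chosen = set(only.lower()) if only is not None else set(LEET_TABLE)
    return "".join(LEET_TABLE[c] if c in chosen and c in LEET_TABLE else c for c in text.lower())


def unleet(text: str) -> str:
    """Undo the table (the policy checker's view); ambiguities are resolved by the table alone."""
    return "".join(UNLEET_TABLE.get(c, c) for c in text)


def contains_dictionary_word(candidate: str, wordlist=SAMPLE_WORDLIST, min_len: int = 3) -> bool:
    """Policy check: after lowercasing and undoing the substitutions, does any run of at
    least min_len letters appear in the word list? 'd0gf00d' -> 'dogfood' -> True."""
    normalized = unleet(candidate.lower())
    return any(run in wordlist for run in re.findall(r"[a-z]+", normalized) if len(run) >= min_len)


if __name__ == "__main__":
    for sentence in ("I have 2 dogs called Rover and Fido", "I have 2 dogs: Rover and Fido"):
        print(sentence, "->", acronym(sentence))
    print("partial table:", leet("ocean#muffles", only="oeas"), " full table:", leet("ocean#muffles"))
    for pw in ("d0gf00d", "0c3@n#muffl35", "Ih2d:RaF"):
        print(pw, "derived from a dictionary word:", contains_dictionary_word(pw))
```

The acronym output passes the check because no word survives in it, while both leetspeak examples fail it once the table is undone: the substitutions add nothing against a cracker that knows the same table, so the sentence method is the stronger of the two.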
Change your passwords every 3 years or when they’re compromised
Change your passwords every 2-3 years or when you think someone has hacked into the accounts.
And make a note of them somewhere with a cryptic message if you can.
Keep separate security questions for secure and less secure sites
The most secure questions should be saved for just your banking and investment accounts. DO NOT choose the same questions (if you can help it) for other, less secure or less important sites.
If you must use the same questions, put a different answer for the less secure sites and make a note.
This may be going too far and be too paranoid but it would help just in case someone finds out your first pet was named “Muffles”.
At my old job we had to change passwords monthly! To make things worse we all used each other’s machines all day so we ended up using the primary user’s first name and whatever month we were in, i.e. AnnyMarch
Of course our dept only had five people. This would be nuts in a larger environment!
Good tips – I definitely need to change my passwords more frequently, and having different “categories” of passwords will be much easier. Have used the “sentence approach” before and have found it very useful.
Great article!!!!! I think I need to do some changing of my own pahsswerds.
During my years as network admin for the U.S. Border Patrol I had to teach a class on this every three months to all the new incoming agents. After giving all the same pointers you gave, I’d have to say, “Now if you write your clever new password on a Post-It note and stick it to the underside of your keyboard, it will be much less effective”. LOL, good article!
I just wrote a similar post about this!
If you want to up the geek level, make your fancier passwords 7 characters long. 7 is a prime number, which makes brute force and math-based attempts more difficult.
For those that need regular password changes, pick a digit or character and increment it for each change.
Lastly, if you can, avoid using dictionary words, so a brute force attack with a dictionary won't work. An easy rule of thumb is numbering vowels or cutting them out altogether: dogfood -> d0gf00d, or dgfd.
P.S. Some systems are wise to the number vowels since it's been around for some time.
RoboForm is free software you can download to manage and keep track of all your passwords.
http://www.tucows.com/preview/193680
i really liked this. this was really helpful! =] it doesn’t help that i haven’t slept yet and i’m reading this @ 6 am. lol i’ll probably do a password overhaul tmrw.