How often do you change your passwords?

[tomazyk]

So, how often do you change your passwords?

[PJC]

Once every few months.

[new2security]

Never. My password is so strong there's little point changing it.

[Noob]

Like once a year.
I don't really like changing my passwords, i lost an account once because i changed the password and forgot it the next day, then 3 YEARS later i decided to contact customer support and request a password reset and guess what . . . it WORKED.

(My passwords are quite long and i never write it down ANYWHERE so if my memory fails i'm done)

[Debby747]

I use KeePass and have a unique, strong password for each site's account.
It would take me a week to change all those... so I voted "never".

That said, there are sites where I employ easier logins.
For those I change the passwords every three years or so.

Generally I do not see the need for changes over short periods
because each account is isolated. If one should indeed get compromised,
there's not much harm done.
And it has not happened, yet. I think.

Sites/forums do get hacked though and I have then acted accordingly.

I think solutions like KeePass are perfectly essential. Indispensable, in fact!

Greetings
D.

Quote:

Originally Posted by new2security

Never. My password is so strong there's little point changing it.

Don't forget keyloggers ...

[new2security]

Quote:

Originally Posted by carat

Don't forget keyloggers ...

Knocking on wood - never had a keylogger infection. :-)

[Techwiz]

Not really sure what to put Option 7: All of the Above, maybe. If it's not sensitive I don't care so usually never or a couple times a year depending on how many times I have to reset. I'm forgetful or keepass is not with me. Sensitive information is stored using Keepass and is changed on a daily/weekly/monthly basis depend on my habits. There has been times I've had to sign in for school, so I change the password as soon as possible. While other sensitive data hardly requires no change because it is accessed once in a blue moon. I keep physical copies of my personal information in case of a disaster. I've got a couple other tricks up my sleeve, but this answers the poll.

[chrisretusn]

There is an option missing. "As needed."

I don't change my passwords unless there is a need to do so. I most cases it is because I am required to by site policy.

[Carver]

It depends which ones and the circumstances for example: using my debit card in a dodgy place where my pin can be easily seen and copied=change; Online banking change every 2 weeks; Amazon= Not so much

[Tomwa]

My passwords are incredibly long when it comes into question that my 63 character encryption key could have been cracked I'll change it. Until then how about I don't memorize incredibly long passwords regularly?

I change passwords that:

A) Haven't used/changes in a long time

B) Exist on a website carrying personal information (Paypal/Steam/Etc.)

[noone_particular]

None of the poll options really fit. I don't use the web for financial purposes. Of the sites I use that require passwords, none of them are anything I consider to be critical. None of them are tied to my real identity. Unless I see a need to change a specific password, I don't.

[safeguy]

-http://www.securitypronews.com/insiderreports/insider/spn-49-20060424PasswordChangeMythDiscounted.html-
-http://www.cerias.purdue.edu/site/blog/post/password-change-myths/-
-http://www.pcmag.com/article2/0,2817,2362692,00.asp-
-http://www.schneier.com/blog/archives/2010/11/changing_passwo.html-

I don't change my passwords on a 'periodic' or 'timely' basis. I change them when I want or feel the need to.

[Amit]

I change my password one a year.

[Amit]

Quote:

Originally Posted by Noob

Like once a year.
I don't really like changing my passwords, i lost an account once because i changed the password and forgot it the next day, then 3 YEARS later i decided to contact customer support and request a password reset and guess what . . . it WORKED.

(My passwords are quite long and i never write it down ANYWHERE so if my memory fails i'm done)

LastPass or Keepass for you my friend.

[nikanthpromod]

within 2 0r 3 months..

[Osaban]

I voted never as for all of my personal passwords I really couldn't care less if they hack me (in the sense that there is nothing critical stored on my machines, and it has never happened so far). There are however websites related to my work which require a compulsory change of password every other month or so, but its their policy really (I also stopped doing banking online since 2006 for security reasons).

[Snowden]

It really depends. Obviously, if I have reason to believe I've been compromised all would be changed immediately.

I use KeePass to manage my passwords so all of my accounts have a separate password. I probably change my master key once every other month.

[Noob]

Quote:

Originally Posted by Amit

LastPass or Keepass for you my friend.

I have been a Keepass user since a few months ago and i really like it, in fact it became one of my must have apps on any personal PC but still don't trust any program at all with my important account passwords.

[Amit]

Quote:

Originally Posted by Noob

I have been a Keepass user since a few months ago and i really like it, in fact it became one of my must have apps on any personal PC but still don't trust any program at all with my important account passwords.

Why not? KeePass is in your pc. Absolutely safe and dependable.

[Solarlynx]

It depends. At my job I have to use 2 different passwords and change them every 30 days what is very inconvenient and overdone. As for passwords to my personal staff - I change them on irregular basis.

[SirDrexl]

It depends on the site, really. I add a custom field in KeePass called "Lifetime" so I can keep track of how long the password goes before being changed, and set the expiry date accordingly.

[Seven64]

Every day

[J_L]

Why should I change my password if it remains a secret?

Seriously, changing passwords all the time is an unnecessary waste of time that may lead to less security when trying to make a (easy) new password ASAP.
Why is there such a rule (must change password every X length of time) sometimes?

[Brandonn2010]

Never, but my passwords are 20 characters long and managed by KeePass.