Opinion: How often should you change your password?

2 words. Password Manager. Anybody that is still writing their passwords down should be smacked. And if your password changes just update the password manager, which can usually generate one for you. It doesn't matter if I have to change any of my passwords. The only one is know is the one for the password manager. Don't use the same password for 2 different accounts. People are making this too hard.

 

I'm in complete agreement. I've changed no password in years.
The ones I've always used still work, and they haven't been compromised.

Schneier posted this already quite some time ago, btw.
Guess he decided to re-post and give it a fresh date.

Then how would you propose recovering passwords if the computer or hard drive should go kaflooey?

The writing down of them is not the problem, it's where that information is then stored that makes for a good/poor security practice.

 

The only time I change it is when I suspect my account has been compromised.

Also use LastPass for non-important sites (not banking or e-mail).

 

You would be out of luck if you only had one copy. A good question if you only have one copy. I have a desktop, a laptop and an external drive that all have a copy of the password database. Having only one written copy could have the same outcome if you only have one copy and lost it in a fire or the dog found your sticky note and ate it.

As for changing passwords I agree that there is no point unless you suspect your password may have been discovered by someone. It won't do a lot against someone trying to crack it. The one you change to may be easier than the one you had.

 

Another who agrees on not changing passwords. The only time I change any of my passowrds is if I think they might have been comprimised and at a couple of places I log in to that decide for me. The worst is one that requires I change my password every 60 days. While that is an annoyance, it's not a real problem. I just use my password manager to generate the new password. I'm not worried lossing all of my passwords, automated daily backups (to other media) and manual backups after making changes to the passsword store in my password manger ensures I will have copies.