Discussion in 'polls' started by progress, Jul 22, 2009.
How often do you change important passwords? Important can be defined any way you like
Three to 6 months except for banking which I change out 1x per month.
I have so many passwords that I just create strong ones.
I don't bother with changing them.
I create 10 character passwords of letters upper and lower case with a few numbers. How can you decide when its time to change a password. If someone starts trying to crack your password 5 minutes after you create it, then you should have changed it already. But if no one tries to crack it for 5 years, should you change it?
my passwords consist of both cases alphabets,symbols,numbers
which requires years to crack
Same as others have said, I create strong passwords (20 characters, upper & lower alpha and numbers), unique for each site, and don't need to change them.
Clients Network Security changes them every 3 months. I am not going to do that here. Strong password is good enough. If you think someone drop in on to one of your boxes you can always unplug the network cable.
FYI: Password Recovery Speeds - How long will your password stand up.
Some financial institutions require you change you password every ninety days. Not a bad idea.
I differentiate between passwords for encrypted data that requires physical access (e.g. TrueCrypt) and online passwords.
The odds that someone could steal my TrueCrypt password AND gain physical access to be able to use them are somewhere between slim and zero (closer to zero). Even if my passwords to my on-site data were stolen (e.g. keylogger), that stolen information would likely be lost with the passage of time before it ever becomes a risk. People who steal data with keyloggers want an instant and easy payoff (e.g. online banking, credit cards, etc.).
As far as online passwords, I'm less inclined to care about that than my local computer passwords. In all cases I use strong passwords that can't be guessed. So, the only way to get them is to steal them. If someone steals my bank account passwords, paypal password, etc., I'm likely to just shrug, call my bank to dispute the charges, and move on. The fact is, you would have to change your password between the time it's stolen and someone decides to use it. My guess is that would be a narrow window.
So, the answer is never for both cases.
In most cases I do not change my passwords. For important sites I use the max length allowed up to 20 characters. Less important sites normally 8 character passwords. For some sights I've used the same password for over 9 years.
If there was an option for as required, I would have picked that. Several services I use require frequent password changes.
I use Lastpass and generate 20 character long passwords with random characters so I dont have to remember them once a year maybe, if I feel for it for some sites, I change them. Maybe I should do it more often since it is so easy when I dont have to remember them.
As Ronjor said, a few of mine require a 90 day change.
So I just change them all every 90 days.
Strong passwords with mixed case, numbers, and special characters (when allowed by site).
Do you change your password every ninety days as well?
I create 15 character long passwords and change them every 2 months.
Only when I forget them .
I only change passwords when needed. One of my current password is 36 Letters, Numbers, Special char's, tho Not many programs or sites allow them to be this long. I have passwords for things that mean nothing and 3 different passwords for things that do. The strength of the password depends on what its being used for.
Only @ work every three months because we're forced to, otherwise never. Mine are typically 8-10 characters, mixture of lower & upper case, at least one number, no words found in the dictionary. Good enough for me, as I'm not the government or CIS.
Like once a year, anyways i only have like 2 important passwords so it's easy
There is something ironic in individuals telling the entire world how often they change their important passwords, on a site dedicated to computer security.
You think that's strange. Here's the password I use for all my financial institutions:
Now, the reason I feel this is safe, even though I never change my passwords, is because you people don't know who I am. And you don't know which financial institutions I use. Good luck using it.
I only use very secure passwords and I change all of them once a month.
One person voted daily I would go nuts ...
I voted once every six months but it's more like once a year, because I think they are pretty secure.
Never for me. With the exception of a few but only for other causes other than security reasons.
Separate names with a comma.