Don’t bother changing your password every 30 days

January 18, 2018

Security is at the top of the agenda at the moment and we’re all doing all that we can to ensure that the security of our businesses and our identity is maintained.

The biggest threat to IT security is weak passwords. We all know this, and therefore we put measures in place to ensure users conform.

An integral part of an enterprise password policy (and password management best practice) has always been to enforce a password change at regular intervals.

The logic is that if you change your password frequently, anyone who gains unauthorised access to your account won’t be able to keep that access for long.

However, I’m not sure that regular password changes actually increase security.

Typically, attackers won’t hold onto your password for an extended period of time and snoop on you. That’s not profitable. They’ll take action as soon as they have access to an account.

Regular password changes result in weaker passwords

Changing your password regularly makes it more difficult to remember good passwords. Rather than create a strong password and remember it, you must attempt to remember a new password every few months.

Often this will result in weaker passwords or the password being written down and ‘hidden’ under the keyboard. Worse still, it ends up on a sticky note on the computer screen for everybody in the office to see.

Also, people generally don’t change their passwords much when they expire. Instead, they “transform” them just enough to get past the security protocols, e.g. “Name1” to “Name2”.

It’s already almost impossible to choose a strong, unique password for every account that you have and remember them all. If you change your password every few months, you are likely to end up using weaker passwords or reusing them across multiple accounts, increasing the risk of a security breach.
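As an added example (not part of the original post): a check that a password-change form could run, at the moment it holds both the current and the new password, to flag the “Name1” to “Name2” style of change described above. The substitution table, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
import re

# Character swaps users commonly apply to "change" a password (assumed, not exhaustive).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def base_form(password: str) -> str:
    """Strip leading/trailing digits and symbols, lowercase, undo common swaps."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.lower().translate(SUBSTITUTIONS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete from a
                           cur[j - 1] + 1,            # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password is the old one with a cosmetic tweak."""
    old_base, new_base = base_form(old), base_form(new)
    if old_base and old_base == new_base:
        return True  # same word, different counter/suffix/case/swap
    return edit_distance(old.lower(), new.lower()) <= max_edits


if __name__ == "__main__":
    # Constructed sample pairs (old, new); none are real credentials.
    samples = [("Name1", "Name2"), ("P@ssword1", "Password2!"),
               ("BlueCar", "BlueCat"), ("Name1", "violet-kettle-orbit-93")]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: trivial={is_trivial_change(old, new)}")
```

The comparison only works at change time, when the user has just typed the current password; it does not require storing old passwords in recoverable form.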

Changing your password is a good idea … sometimes

When you become aware that your password has been compromised, or if you have shared your password with a friend or colleague, you should change your password right away.

Password changes in response to specific events are a good thing. If an account in your office has become compromised, it’s worth considering a password change for everybody.

If you use the same password elsewhere, and that service is compromised, it’s possible that your password is leaked too. Rather than change that single password regularly, you should deal with the real problem here and use unique passwords everywhere.

What you should be doing

My advice is to follow best practices with password management and to set hard-to-crack passwords to begin with. It’s much more important to use strong, unique passwords everywhere than to change your password regularly.
