Flexnet Networks LLC Blog

Passwords are all over the place these days, whether they’re required to access an online account, or access the devices used to open these accounts. While both types of passwords can make for ideal security conditions, this is only the case if the passwords are strong. If your passwords can be guessed by just about anyone, can you really call it a security measure? New insights from SplashData show that passwords aren’t being considered as much as they need to be.

As technology advances and allows for common pain points to be corrected, many of today’s most well-known entities will adopt new solutions to ease the experience of their customers and clients. Take, for example, eBay. The famous reselling site has been taking steps to install an assortment of new features to improve its customers’ experience.

You’ve heard it said that it’s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords.

This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it’s worth considering.

The idea behind this theory is that, whenever a user goes to change their password, they’re often rushed or annoyed and end up creating a new password that’s less secure. The Washington Post puts it like this: “Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”

Think about it, how often have you changed your password, only to change it from a complex password to one that’s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure.

Plus, let’s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they’ve gotten a hold of your login credentials, they’ll try to exploit the password as soon as they can. If they’re successful, they’ll pose as you and change the account’s password, thus locking you out of it. In an all-too-common situation like this, the fact that you’re scheduled to change your password at the end of the month won’t change anything.

Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: “Regularly changed passwords are more likely to be written down or forgotten.” Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen.

Whether you do or don’t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody’s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won’t matter much if a hacker stole your password because they would need additional forms of identification to make it work.

To maximize your company’s network security efforts, contact Flexnet Networks LLC at (432) 520-3539.

Twitter recently experienced a major hack where it saw 33 million user login credentials stolen. What may be more alarming than the hack itself is what the stash of stolen credentials reveal about users’ password security habits. Or, to put it more accurately, the lack thereof.

Your identity has quite a lot of value, especially in the wrong hands. Security firm ZoneAlarm put together some numbers in 2011 concerning identity fraud, and it even shocked us. Let's talk about a few of these statistics and what it means.