Change Your Password Day: Five Reasons to (Finally) Do It

If you always put off changing your passwords until tomorrow, then February 1st is the perfect opportunity to break the procrastination cycle – it’s Change Your Password Day.

Here are five reasons why you should change your passwords now, and then keep changing them regularly.

1. Prevent Saved Passwords Abuse

Because we deal with a myriad of passwords, we tend to save some of them somewhere – either the ones we use the most to avoid repeatedly typing them, or the ones we use less often and could forget.

In the best-case scenario, we save passwords in the digital safe of a password manager, and in the worst-case scenario, in our browsers.

Regardless, every solution we use to save our passwords can get hacked. The series of breaches that affected LastPass in 2023 is a good example.

Regularly changing your passwords limits your personal attack surface by rendering previously saved passwords useless to hackers.

2. Limit Multiple Account Breaches

Credit: Shutterstock/gd_project

Imagine your passwords as the keys to different padlocks securing your online identity. If all the padlocks use the same key, a breach of one leaves all exposed. That's the danger of password reuse.

By changing your passwords regularly, you create a unique key for each lock, minimizing the potential impact of a single breach.

Make it a habit to swap those keys often, and you'll significantly limit the damage from any rogue digital locksmith.

3. Prevent Credential Stuffing Attacks

Credential stuffing is a cyber-attack where criminals attempt to gain unauthorized access to your online accounts by using stolen login credentials, like usernames and passwords.

Today, the cybercriminal world is full of people specializing in hack-and-leak attacks in order to sell breached databases on the dark web. Other threat actors then buy these databases and use the credentials to conduct bulk or targeted attacks.

This is what happened to genetics testing firm 23andMe in October 2023.

Speaking to Infosecurity, Elliott Wilkes, CTO at Advanced Cyber Defence Systems (ACDS), insisted that these breaches affect all sorts of services and websites. “If you’ve ever checked yourself using a breach report tool, you’ll realise that many of the sites you use have had breaches in the past five to 10 years, so if you have an old and unused email address, you have an acute risk of your account being compromised using those old, leaked credentials.”

Frederick Coulton, head of product at human risk management provider CultureAI, said it is even more important when using passwords at work: “When an employee uses the same password across multiple places, it means that if one of those sites experiences a security breach, there is a significant risk of unauthorized access to other applications. The more the password is reused, the more opportunities there are for that password to be compromised or stolen.”

Regularly changing your passwords helps you avoid getting hacked through credentials leaked from a service that was breached a few weeks, months, or years ago.

4. Avoid Getting Blamed

In a surprising turn of events, 23andMe blamed some of its customers for the breach of highly sensitive genomics data on its systems.

In a written reply to Tycko & Zavareei LLP, a law firm representing victims of the breach in a class action lawsuit, the DNA firm accused users whose accounts were accessed of “negligently” recycling and failing to update their passwords.

The DNA testing firm argued this allowed the attackers to launch a credential-stuffing campaign using usernames and passwords accessed in separate breaches.

This response was not always well-received in the cybersecurity community, with many denouncing victim-blaming behavior and the lack of accountability from the firm.

However, regularly changing your passwords could prevent you from being in this situation in the first place.

5. Stand Out From the Crowd

Although regularly changing passwords is repeatedly advised by security experts and during security training, it seems that this habit hasn’t yet translated into widespread behavior.

According to GetApp’s 2023 Data Security Survey, 38% of UK-based employees use the same password for numerous accounts.

This statistic aligns with what human risk management platform provider CultureAI has seen over the past three months.

Coulton commented: “Out of the millions of logins to shadow Software as a Service (SaaS) applications analyzed by the CultureAI Platform over the last three months, it found that 38% of employees were logging in using a password they already use on other apps. Amazon, Google, and Microsoft were among the most impacted apps, all of which store highly sensitive data.”

Regularly changing your passwords puts you on the front line of your organization’s security.

Darren Guccione, CEO and co-founder of Keeper Security, concluded: “While no one likes updating their passwords, Change Your Password Day is a great time to recognize and enforce this critical best practice.”

Source: National Today