February 1st is recognized as National Change Your Password Day annually.
It’s good to have reminders to change your passwords, as organizations often should have set up for your logins and accounts.
However, it is also important not to be complacent. It’s easy to fall into a false sense of security that your logins and accounts are safe by just changing your password once a year.
Traditional password policies that mandate password changes at arbitrary intervals, such as every 90 days, can inadvertently weaken security.
Users often resort to predictable variations of previous passwords, making them more susceptible to attacks like password spray or brute force.
Meanwhile, we know that no organization or sector is immune from being the target of a cyber attack. There is an increased focus on attacks on third-party services and vendors. This is especially true in areas like data storage, file transfers and even password management tools themselves.
However, it should be obvious that you can’t rely on just changing your password once a year to protect your logins and organization.
There are many reasons why changing your password once a year with a prompt isn’t enough to protect your accounts and maintain strong cyber posture individually, and as an organization:
How passwords get hacked
- Weak password creation
- Re-use of old passwords or modifications to old ones
- AI allows cyber criminals to easily crack most passwords of moderate strength
- A 2024 study revealed that 45% of analyzed passwords are cracked in under a minute using AI-driven methods.
Advice For National Change Your Password Day
Changing passwords on National Change Your Password Day isn’t a bad idea. Your organization needs the right policies enforced to support strong passwords and protect them.
There are better ways to bolster your organization’s cybersecurity posture.
Use National Change Your Password Day to implement other important password protection habits that enhance your cyber posture both individually and as an organization.
- Password Managers: These tools generate and store complex, unique passwords for each account, which will reduce the use of similar, old and weak passwords.
- Cyber Hygiene Training: Educate staff on best practices, such as how to recognize phishing attempts and how to create strong passwords.
- Multi-Factor Authentication (MFA): The addition of an extra layer of security will ensure that even if a password is compromised, unauthorized access is prevented.
Instead of relying solely on periodic password changes, adopt these proactive measures to significantly enhance your organization’s security.
Regular cyber risk assessments are necessary for critical and sensitive networks. They provide you with a partner that has the best tools to identify potential vulnerabilities. Those vulnerabilities include inadequate passwords and password policies, and where you might already have been compromised.
Let’s work together to help make sure your cybersecurity strategy is better than just changing your password on National Change Your Password Day.