IT Questions? Get the Answers: 2/22/2023

QUESTION: Do I really need to change my passwords so often?

ANSWER: The short answer is yes, but there are several things to consider. Online security and vulnerability does not have a yes or no answer, it is a question of how much security you want or need on a long scale of vulnerability. Your password is like the key to a door. How well you protect that key will depend on the value of the contents behind that door.

Something valuable like access to your bank, confidential business information, or your social media identity should be protected more aggressively than your streaming music account.

It would be nice to have a high level of security on our entire online presence, but there is a tradeoff. Higher security introduces more inconvenience. Changing your password every day makes it very hard to hack into your account, but it also makes it very inconvenient for you, needing to change and record a new password every day.

So how can we protect our passwords without needing to create a new one every day? Understanding how to create a strong password will go a long way. A password of just numbers, ten digits long, or just lowercase letters 7 letters long can be hacked just about instantly. That same 10-digit password, if numbers, uppercase, and lowercase letters are used now takes seven months to crack. If you add symbols, a 10-character password takes five years to crack.

This is where the idea of a passphrase works well. Trying to find a word that is 10 letters long is difficult, but a short sentence is easy. Especially if you add in capitals and replace some of the letters with numbers and symbols. If you have an eighteen-character passphrase that uses upper and lowercase letters, numbers, and symbols, it would take seven quadrillion years to hack. Trying to remember a passphrase made of letters, numbers, and symbols for every website would be an arduous task. You can leave that job up to a password management

system, which will be a topic for another week.

If you have questions regarding your online security, contact your local IT professional.