Passwords are a serious problem for everyone. We all have dozens of online accounts, each with its own password to remember. Often people use the same password repeatedly, putting all of their accounts at risk of breach. And many of us take the opportunity to set our passwords to ‘never expire’.
But this could be a major mistake.
Why do passwords expire?
By forcing users to change their passwords regularly, service providers reduce the window of opportunity for hackers to automatically ‘crack’ accounts. It takes time and effort to ‘guess’ a keyphrase using password cracking tools, so shortening the time between changes makes it less likely hackers will succeed. In theory, changing passwords regularly allows you to stay ahead of the crackers.
But users have a habit of forgetting their passwords – especially when they change regularly. This is annoying for the user and the service provider because the password must be reset, which takes time and resources.
This makes it even more tempting to set passwords to ‘never expire’ if the option is offered.
Why you must not set passwords to ‘never expire’
Setting passwords to ‘never expire’ increases the window of opportunity exponentially. Hackers now have unlimited time to crack accounts, dramatically increasing the risk of compromise and the associated bad things that may happen (loss, theft, black mail, ID fraud etc).
What should you do instead?
There are a few ways to better protect yourself and make life ‘easier’.
2FA authentication
One option is to enable Two Factor Authentication (2FA) on your account. This authentication technique requires a password and a second token, such as a 6-digit code sent to your mobile phone or an authenticator app. This technique can, in theory, be used safely with a ‘never expire’ password because hackers are unable to acquire the second token.
Use a password manager
A tool like Panda Dome Passwords can be used to store all of your passwords securely. The tool remembers every password for you – even when they change regularly. Simply follow the usual password update procedure and save the new phrase in your password manager ready for the next time you need it.
Best of all, you can use 2FA and a password manager together.
Don’t provide hackers with opportunity
Selecting ‘never expire’ passwords without additional safeguards is like giving hackers an invitation to hack your accounts. Cybercriminals are constantly looking for insecure accounts. And those with ‘never expire’ passwords are often among the easiest for them to compromise.
Using 2FA and a password manager offer a much safer, effective alternative.