What’s your strongest password?
Don’t worry, we’re not looking to log on to your Facebook account and ghost post that you heartily endorse Donald Trump and definitely want his babies. We just want to make sure you actually remember the thing.
After all, considering today’s generation are signed up to many internet accounts – three types of social networking, one for the App store, another two for email (work and personal), and another for banking – it’s no surprise we're constantly changing passwords.
You may have also seen a rise in mandatory password changes. Forced by either overzealous work admins or simply because you forgot the one you had, anyone would imagine these changes to 'stronger' passwords were keeping our online identities safer than ever.
Well not according to Lorrie Cranor they're not. In fact, the Chief Technologist for America’s Federal Trade Commission and a computer science professor at Carnegie Mellon believes they might actually be putting you more at risk of being hacked. Writing on the FTC website, she explained:
“There is a lot of evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. (And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems.)
So there you have it, whether it's born from a reluctance to stray too far from your tried-and-tested Password123 (or whatever you’d scribbled on your hand in Biro), or just because you're subliminally sick of changing it, the more frequently you are asked to input a new password the lazier your brain becomes at crafting the alternative. So in future you might want to try sticking to your old one for as long as possible.
Additionally, Cranor also ponders as to whether companies responsible for mandatory password changes might be best changing tack:
‘Mandated password changes are a long-standing security practice designed to periodically lock out unauthorized users who have learned users’ passwords. While some experts began questioning this practice at least a decade ago, it was only in the past few years that published research provided evidence that this practice may be less beneficial than previously thought, and sometimes even counterproductive.’
Keep safe out there, people.