Generally speaking, people don't change them unless they have to. [or it Someone was telling me it is a good practice to randomly change them. I was thinking maybe it is not a bad idea. Rocket River
Only when I get emails saying that someone tried to hack my account. I've got a bank of typical passwords I use depending on the requirements - so I'll just rotate to the next password when that happens.
At the place I work, the staff has to change their passwords every 6 months. The new passwords have very stringent rules, like it must contain a number, can't resemble the last 4 passwords...etc. This may sound like a safe practice, but here's the thing... Because the passwords change so often, and the rules are so stringent, it's difficult to remember them. I go into offices and I see passwords written on notepads just lying on the desks. A person had it stickied on his monitor. It's an issue I might write to IT about.
I change them frequently only if they require me to do so. I use a system of mixing certain words and numbers and special characters. I don't think I have any password where I only use numbers or only use letters. I agree with this. My passwords consist of a combination of words my wife and I know already, and I combine these few words after each other with numbers she and I know, and she even knows my passwords to my work and personal stuff. I also rotate between them if they expire and add numbers she knows I will add. Share your passwords with someone you trust just in case you need for them to get to the area behind the password when you cannot. For example, to get into the account that allows me to program my DVR to record shows, my wife allows me to get in, while I allow her to read my personal email to get to documents people send me for my side jobs and businesses.
Never unless forced to. I have about 5 passwords I use across numerous sites. If they make me put something difficult to crack, then it is a password that I will forget.
kyakko nailed it. If you want to 'crack' a password -- take a good look within 5 feet of the computer, and it's probably written down somewhere. If the password rules are too stringent -- people just write them somewhere convenient (and obvious). We have actual work to do that extends beyond encrypting and managing passwords. I have a file folder by my desk labelled 'passwords' which notes all mine! On the more important ones, I might add digits or write in reverse so the list is not tooooo obvious. I never change unless forced to -- and even then I just rotate. I have about 3-4 that I consistently use.
my issue is that i used a 7 digit password.... and these damn websites always ask for: 1. your password must be 8 digits long, 2. must contain both alphabet and numerical digits, 3. must have 1 capital letter. who comes up with this garbage? let me use my password darn it
At work we are forced to change passwords every 3 months or so. And we don't get to choose what password we want, instead the thing spits out a bunch of randomly generated jumbles of characters and you keep hitting refresh until you find something that you can reasonably easily type and remember. Pretty annoying. It helps that I have a pretty good memory when it comes to stuff like this -- I tend to memorize numbers and stuff easily so as long as it isn't something like xn328nd3 I will typically memorize it on the spot. I generally don't write my passwords down anywhere. Other than SplashID on my Palm Pre which allows me to store passwords encrypted with a 256-bit cipher, you won't find my passwords written anywhere. And I have a couple of personal passwords that I use for the more sensitive stuff like bank accounts and encrypted volumes that are strictly confined to the innermost recesses of my brain.
God, this is SO true. Where I work, keeping up with passwords is like a full-time job. We have about 12 different password-protected programs we use - probably 4 of which we use every day. Can we just use the same password for all of them? Noooooo. Because each program has a different rule for setting them up and it's impossible to manipulate them so that they are all the same. Even if it were possible, I don't have time to eff with it. (I'm too busy posting on Clutchf.....er, uh...working) On top of that, we are constantly having to change all the different passwords. I mean like 4 or 5 times a year. Multiply that by each program and it can get very complicated (and stupid), since they never ask you to change them at the same time. Sorry, this is a huge pet peeve of mine.....
Same here at my work - I've got lots of restrictions on passwords, and mine can't be the last 8. That's how I came up with my bank of 20 or so passwords... Good news is, I combined both professional and personal passwords, and can use most of them interchangeably. I've got them all written down somewhere out of sight, locked away. I only look at it when I have to change from one to the next.
You guys are lucky; I have a total of 7 passwords at work with 3 of them that I have to change monthly. Even more restricting is that the 3 monthly ones cannot be the same as the previous 12. I'm starting to run out of combinations..... And the giant corporation that my company is under just made everyone change their PeopleSoft employee management password right now. That password changes every 60 days. Complete PITA.....
You have to use things that will NEVER change and that only you know, but you don't post these things around the office. Don't have your pets' photos in the office so people don't know these are easy to remember and try to hack your account. I suggest following this procedure: Let's say your pet names are "Kiki", "Wonder", and "Lulu." You live on 312 Elm Street. Also, let's throw in there your grandma's name "Barbara." And just for kicks, your favorite color is RED. Combine those and always remember that you can switch all those things around. Use numbers instead of letters or vice versa. You'll end up with passwords like this: 84r84r4KIKI <- combines Barbara and Kiki, and uses uppercase, letters, and digits OR LuLu3123lm <- combines Lulu, 312 Elm, and uses all required amounts and alphanumeric characters. Once they ask you to change this password after 60 days, you add a number to the end, like: LuLu3123lm1. In two years, it will probably be LuLu3123lm1234 or LuLu3123lm0987. Your password history will run out after "09876543" or "12345678" if you can't do the same after 8. Alternatively, write yourself a note in your cell phone (don't let people borrow it) with the last password, but don't name it something easy like "password for my PC at work" so you know you always have it with you. Of course, password-protect the file. Follow these procedures, use the same names and nicknames, switch them around, and you'll never forget them.
As a rule I never make passwords based on something close to me or something familiar. I always choose a random illogical word or two and throw some digits around them. I will even make up a nonsensical word that doesn't exist as a password. Using stuff like your pet's name only makes it easier for someone to guess your password using an intelligent brute-force attack of some sort.
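Added example (not part of any post in this thread): a password-change check of the kind a policy engine could run, showing that the sample passwords built from pet names, a street address and a relative's name reduce to those tokens once character swaps are undone, and that appending digits at each rotation leaves the password unchanged in substance. The function names and the substitution table are assumptions made for this sketch; the sample tokens and passwords are the ones quoted in the thread.

```python
# Illustrative policy check; names and the swap table are assumptions of this example.
# '1' is treated as 'l' here, although it is also often used for 'i'.
LEET = str.maketrans({"4": "a", "@": "a", "8": "b", "3": "e", "1": "l",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def normalize(password):
    """Lowercase and undo common digit/symbol-for-letter swaps."""
    return password.lower().translate(LEET)

def personal_tokens_found(password, tokens, min_len=3):
    """Return the personal tokens visible in the password, raw or normalized."""
    raw, norm = password.lower(), normalize(password)
    hits = set()
    for token in tokens:
        t = token.lower()
        if len(t) >= min_len and (t in raw or t in norm):
            hits.add(t)
    return sorted(hits)

def is_trivial_rotation(current, new):
    """True when the new password is the current one with only its trailing
    digits changed. The current password is available in clear at change
    time because the user has to type it to authorize the change."""
    old_stem = normalize(current.rstrip("0123456789"))
    new_stem = normalize(new.rstrip("0123456789"))
    if not old_stem or not new_stem:
        return current == new
    return old_stem == new_stem

# Personal facts taken from the example in the thread.
TOKENS = ["Kiki", "Wonder", "Lulu", "312", "Elm", "Barbara", "red"]

if __name__ == "__main__":
    for pw in ("84r84r4KIKI", "LuLu3123lm", "quartz-mango-falcon"):
        print(pw, "->", personal_tokens_found(pw, TOKENS))
    print(is_trivial_rotation("LuLu3123lm", "LuLu3123lm1"))
```

A check like this belongs next to length and breach-list checks at password-change time; the token list would come from the account's own profile fields.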