Are Password Changes a waste of time?

April 15, 2010 by  

It’s one of the most hated popups in the computer user’s world. The message says “You must change your password to continue” and users really hate it. Most companies now require passwords to be changed at some set frequency, but does that really provide increased security?

A recent study by Microsoft shows that it really does not provide the better security your Technology department had hoped for, because once a password is compromised thieves use it almost right away and don’t wait 30, 60 or 90 days for it to expire.

But here’s the Boston Globe article that says “Please don’t change that password..”

My bottom line:

1. Don’t use those super simple passwords like “password” (there are over 100 of these; I’ll provide a password test later)
2. Change your password immediately if you even think it might have been compromised (don’t wait for something bad to happen)
3. It doesn’t help to keep changing passwords, especially if you have to have them written down everywhere (at work & home). It’s better to have 2-3 good ones that you can remember than 8 you have to have on sticky notes.
4. Don’t use one password for everything. It would be like one key that opens your entire life (like losing your wallet or purse with everything in it)
5. If you can’t remember all your passwords, remember 1 good one and use a secure password manager for the others (more on this later)
