How often should I change my online passwords for maximum safety?

Here are my best practices for online passwords:

  1. Do not reuse passwords with different accounts. Ever. There is a major, often successful cyber attack pattern used against those people who reuse passwords.
  2. Create a unique, long, complex password for every website where you have an account. 16 or more random characters is ideal.
  3. Because #2 is very difficult without some automation or manual ledger, use a high-quality, attack-resistance password manager and let it generate and store the passwords for you. Either LastPass or 1Password are good choices.
  4. Use the tutorial at the bottom of this answer to set a memorable, yet highly attack-resistant master password for your password manager.
  5. Do not change your password for any online account unless your password managers’ built-in notifications about password compromise alert you to the need to change it.

Thanks to XKCD for the fantastic cartoon tutorial!

Leave a Reply

sixteen − fourteen =