Why changing your password often can be bad

Most of us, especially at work, realise the importance of changing a password regularly. Hackers might have figured the password out or staff may have left. But new research suggests that being forced to change your password regularly can actually do more harm than good. Here’s why being forced to change your password often can be bad.

Your password strength becomes weaker

Coming up with new passwords every few months means that you:

  • come up with easy-to-remember passwords,
  • tend to follow a pattern for each password linked to an account,
  • link old passwords to new ones by changing a few letters or numbers, or
  • use the same password for multiple accounts.

Using factors like the ones above, researchers could predict how users would change their passwords for 41 percent of the accounts in less than 3 seconds using a relatively low-powered computer. The researchers also determined passwords for 17 percent of the accounts in fewer than 5 guesses. – Washington Post
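A password-change form can catch the habits listed above at the moment the user types both the current and the new password. The sketch below is an added example, not part of the original post; the function names, the substitution table and the two-edit threshold are assumptions chosen for illustration.

```python
import re
from typing import Optional

# Common look-alike substitutions (constructed list, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_word(pw: str) -> str:
    """Reduce a password to its core: lowercase, drop leading/trailing
    digits and symbols, then undo look-alike substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reuse_reason(old: str, new: str, max_edits: int = 2) -> Optional[str]:
    """Return why `new` looks derived from `old`, or None if it does not.
    Assumes both are typed into the change form, since stored passwords
    should be hashed and cannot be compared this way later."""
    if old == new:
        return "identical to the current password"
    if old.lower() == new.lower():
        return "only the letter case changed"
    if base_word(old) and base_word(old) == base_word(new):
        return "same base word with different digits or symbols"
    if edit_distance(old, new) <= max_edits:
        return "only a few characters changed"
    return None

if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password).
    for old, new in [("Summer2015!", "Summer2016!"), ("P@ssw0rd1", "Password2"),
                     ("tiger", "Tiger"), ("Summer2015!", "violet-Kettle-93-river")]:
        print(f"{old!r} -> {new!r}: {reuse_reason(old, new) or 'accepted'}")
```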


That doesn’t mean you should never change your password. You should! Just not as often as you might think.

No matter how secure your password is, if you forget to sign out it is useless. Although Facebook status updates are fun.

When is changing your password a good idea?

  • if you share your password with a friend (you never know what someone might do)
  • if someone who had access to the password leaves the company or no longer requires access
  • if you think you have given your password to a phishing website
  • if your password is weak
  • if you think someone might have seen you type in your password

TOP TIP: if you change your password, make sure you change it on all of the accounts where you have used that password. Hackers will probably know which accounts you have and will try to use the same password on those accounts.

How do I create a stronger password?

  • don’t ever use any of the passwords on the worst passwords of 2015 list, especially not “password”
  • make sure your password contains a mix of lower and upper case letters, numbers and special characters (most services make this a basic requirement)

Ensure that you don’t fall prey to these bad password habits that could make you vulnerable to hackers.

Alternatively, avoid the hassle and use a master password keeper and password manager, like LastPass. This means you only have to remember one password and you can use it on any device.

