Go Update Your Passwords Right Now

Photo: Michael Smith/Newsmakers (Getty Images)

Hey, you, casual internet user. Why not go and update your passwords right now? I’m not trying to boss you around or anything, but semi-frequent password changes are widely considered a great way to avoid getting hacked and having your information spilled all over the web.


Yes, bad actors break into more systems than you would think by simply guessing codes. There have been some really absurd incidents over the years in which large, prominent entities got hacked because their password sophistication was... shall we say, poor. For instance, the global security firm Gunnebo recently had its data stolen, and it’s suspected that one employee’s particularly impenetrable password (“password01”) played a role. Similarly, a Dutch hacker claims to have commandeered our ex-President Donald Trump’s Twitter account by merely guessing the PW: “maga2020!” Even the “SolarWinds” hackers apparently compromised some systems by just firing off some good guesses, according to U.S. cyber agency CISA.

Over the years, hackers have developed sophisticated methods to identify those personal details you’ve squashed together to create said cryptographic fortress (insert pet’s name plus birthday digits, for example). They commonly leverage whole suites of automated software to do this, deploying them in so-called “brute force” cyberattacks in which they repeatedly attempt to breach a system via automated guessing.

So, update your passwords! And try to remember to update them with some frequency! There’s definitely some debate as to how often you should do it, but the general wisdom is that you should update every 60 to 90 days—so every two to three months.

One of the best ways to streamline updates and keep all of your passwords safe and secure is to use a third-party password manager application like Keeper, Bitwarden, or 1Password. These apps, most of which are compatible with macOS, Windows, Android and iOS, can be downloaded onto all of your devices, where they will securely autofill login information for your accounts. Usernames and passwords are stored in a secure, encrypted cloud database. Not only that, but a password manager will frequently auto-generate strong passwords for you, updating regularly and customizing them for complexity. This does away with the simple password problem that so many people struggle with. It’s also just a really straightforward way to centralize and secure all of your passwords under one roof.

Password managers aren’t always 100% bulletproof, however (see: a recent privacy controversy involving LastPass, a popular manager that was caught using multiple web-trackers), but they are much better than putting yourself through semi-regular PW brainstorming sessions in which you struggle to produce complex codes you’re likely to forget.


Of course, there are a ton of other password security measures you can take, along with consistent updates. Two-factor authentication is, of course, always a good idea too—since it requires multiple pieces of evidence that the user is who they say they are. And, if you want to be super safe, try springing for a security key, like OnlyKey or YubiKey, which essentially ensures that the only way someone can break into your accounts is if they have physical access to your device.


Okay, that’s the end of your security reminder for today. Go, update, and be secure.

Staff writer at Gizmodo


Skybox King

“semi-frequent password changes are widely considered a great way to avoid getting hacked and having your information spilled all over the web.”

And this is why you shouldn’t listen to random people on the internet when it comes to security.

Forcing periodic password changes has LONG been known by experts as a stupid waste of time that causes more insecurities than it solves. Microsoft started recommending against forced password changes TWO YEARS AGO.

Best practice is to:

  • Enforce password complexity / length
  • Filter on common passwords and dictionary words
  • Enforce 2FA
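
The first two items in that list, written as a check a service could run when a user sets a password. This is an added example, not code from the article or the commenter; the blocklist contents, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist (assumption): a real deployment would load a
# large list of breached and common passwords instead of these few entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

MIN_LENGTH = 12  # assumed policy value, not taken from the page

# Undo the character substitutions people use to "strengthen" a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def core(password):
    """Lowercase, drop leading/trailing digits and symbols, undo substitutions."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return stripped.translate(LEET)


def screen(password, context_words=()):
    """Return the list of policy failures; an empty list means accepted.

    context_words holds terms tied to the account (username, pet name,
    employer, slogan) that should not appear in the password.
    """
    reasons = []
    lowered = password.lower()
    base = core(password)

    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        reasons.append("common_password")
    if any(len(w) >= 3 and w.lower() in base for w in context_words):
        reasons.append("contains_context_word")
    # A single word followed only by digits/symbols, e.g. name + birthday.
    if re.fullmatch(r"[a-z]+[^a-z]+", lowered):
        reasons.append("word_plus_suffix")
    return reasons


if __name__ == "__main__":
    # The two guessed passwords quoted in the article, plus two constructed ones.
    for pw, ctx in [("password01", []), ("maga2020!", ["maga"]),
                    ("P@ssw0rd2024!!", []), ("correct horse battery staple", [])]:
        print(f"{pw!r}: {screen(pw, ctx) or 'accepted'}")
```

2FA enforcement, the third item, happens at login rather than at password-set time and is not covered by this check.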