Microsoft Researcher Thinks Password Changes are Pointless | Tizersecure.com

by Shelley Koerber on Apr.19, 2010, under Computer Security, Hacker Scam, Online Fraud, Spam

Changing your passwords regularly is important, right? Frequent password changes are intended to increase computer security, but users hate having to do it. The most commonly used passwords are password, 12345, qwerty, and abc123. Surprisingly, a recent study by a Microsoft researcher states that changing your password is not necessary for password security. He claims that user education is not working and that scheduled password updates offer little benefit in exchange for the effort and time they require.

In the report, Cormac Herley says, “Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.” The full report can be found here.

Some websites even prompt users to change their password often. Passwords can be stolen through phishing or keylogging, and once a password is stolen, its strength is irrelevant. If a hacker obtains a password, they will most likely use it immediately rather than hold onto it for weeks or months.

Use different, complex passwords for each of your accounts and consider using a password manager that can generate them for you. Some users even write their new password on sticky notes and put them on their computer, which is not a good idea. Have a password that is easy for you to remember but not easy to guess. The strongest passwords contain both letters and numbers and have some upper- and lowercase letters. Many websites even show password strength meters, which give users an idea of the quality of their password.

The study also calculates that a task like changing a password, requiring one minute per day from every working adult in the U.S., costs about $15.9 billion per year.
