Changing your password every now and then is no longer a good idea
Security experts consider the practice outdated
Nowadays, we need a password, or several passwords, to access the different websites and services we use. A combination of letters, numbers and symbols makes up these passwords, which must be as secure as possible. It has become normal to have to change your password periodically, on the assumption that it has been leaked, and to invent a new one that meets these requirements each time.
But this is somewhat outdated. That is the judgment of the National Institute of Standards and Technology (NIST), an organization from the United States that aims to issue recommendations on how to have the most secure accounts possible.
Changing passwords is a thing of the past.
To see the latest recommendations issued, we should go to the initial public draft of the Digital Identity Guidelines.
What they're saying with this text is that today there are many services we are registered with, and passwords are not the only identification system we have. We now have two-factor authentication systems or passkeys that make our face or fingerprint the password we use to access digital services.
As a result, when we are asked to update our password at short intervals, we end up choosing weak passwords that are easy to remember. If, on the other hand, we use a password that we know we will not have to change, we will make it stronger and longer.
The really important thing is to have a long enough password, even if it only has uppercase and lowercase letters. If we look at the Hive Systems report that shows how long it would take to brute force a password, a 12- or 13-character password with uppercase and lowercase letters would take 2,000 and 75,000 years respectively to crack.
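Why length outweighs character variety can be worked through directly. The following is an added example, not taken from NIST or Hive Systems: the guess rate is an assumed constant and the sample policies are constructed, so the outputs illustrate the scaling and are not the Hive Systems figures.

```python
# Added illustration: exhaustive-search cost as a function of length and alphabet.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 10**10  # assumption, not a measured or cited rate

LETTERS = 52    # a-z plus A-Z
PRINTABLE = 94  # letters, digits and ASCII symbols (no space)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    if alphabet_size < 1 or length < 0:
        raise ValueError("alphabet_size must be >= 1 and length >= 0")
    return alphabet_size ** length


def years_to_exhaust(alphabet_size: int, length: int,
                     rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at a fixed guess rate."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def min_length_for(alphabet_size: int, target_years: float,
                   rate: int = ASSUMED_GUESSES_PER_SECOND) -> int:
    """Shortest length whose full search takes at least `target_years`."""
    if alphabet_size < 2:
        raise ValueError("needs at least two symbols")
    length = 1
    while years_to_exhaust(alphabet_size, length, rate) < target_years:
        length += 1
    return length


def compare(policies, rate: int = ASSUMED_GUESSES_PER_SECOND):
    """Return (label, keyspace, years) rows, weakest policy first."""
    rows = [(label, keyspace(a, n), years_to_exhaust(a, n, rate))
            for label, a, n in policies]
    return sorted(rows, key=lambda row: row[1])


# Constructed sample policies: (label, alphabet size, length).
SAMPLE_POLICIES = [
    ("13 chars, letters only", LETTERS, 13),
    ("8 chars, letters+digits+symbols", PRINTABLE, 8),
    ("12 chars, letters only", LETTERS, 12),
]

if __name__ == "__main__":
    for label, space, years in compare(SAMPLE_POLICIES):
        print(f"{label:34} {space:.2e} candidates  {years:,.2f} years")
```

Each extra letter multiplies the search space by 52, while widening the alphabet from 52 to 94 symbols at a fixed length of 8 multiplies it by only about 114 in total.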
Currently, companies are not required to implement these NIST recommendations in their digital services. However, the recommendations set a precedent for eliminating the old practice of changing the password from time to time in favor of creating a password that is kept for good, as well as for focusing on passkeys as an alternative to traditional passwords.