BSI recommendation: Why regular password changes are useless

February 1st, 2020 was probably the last “Change-Your-Password-Day”. Security experts have long warned against changing passwords frequently, and the Federal Office for Information Security (BSI) has now dropped the recommendation as well. The consensus: changing passwords regularly is largely useless and can even be dangerous.

In the digital age, a secure password can be as important as a locked front door. This is one reason why many companies still require their employees to change their passwords at fixed intervals. However, it has long been known that the advice to change passwords regularly, i.e. “preventively”, is extremely risky.

Password change only in the event of password theft

The Federal Office for Information Security has now finally changed this recommendation. The new edition of the so-called “BSI-Grundschutz-Kompendium” no longer contains such a passage. A password still has to be changed if it falls into the wrong hands. February 1st was the last “Change-Your-Password-Day”.


Weak passwords are inevitable

For several years now, a consensus has developed among IT security experts that changing passwords regularly does more harm than good. Above all, users tend not to replace the old password with a new, secure one. Instead, the old one is slightly modified or, for the sake of simplicity, an insecure password that is easy to remember is chosen. A study by the Potsdam “Hasso Plattner Institute” (HPI) confirms this and shows that Germans again chose their passwords extremely carelessly in 2019. The specialist portal Heise Security writes, for example:

“You can use a good password for years without hesitation.”

Although the Federal Office has also dropped the requirements that prescribed fixed rules for length and complexity, the well-known rule still applies: the longer the password, the better. Under no circumstances should users use the same password for multiple services. Anyone who finds it difficult to remember complicated passwords should use a password manager.

Source: Teleschau
