A: According to NIST (one of the federal groups tasked with creating best practices for cybersecurity), there is no longer any recommendation on password aging. That doesn’t mean it’s not a bright idea to do so, just that there are no recommendations.
The recommendations for passwords are:
- Use a different password for every site and service.
- Use only strong passwords – defined as 15 characters or more.
- Use 2-Factor Authentication whenever it is available.
I add the following recommendations:
- Monitor https://haveibeenpwned.com and https://hacked-emails.com monthly to discover if any of your online accounts have been compromised.
- If an account has been compromised, change the password.
I can hear that voice in the back of your head screaming A different password for every
Life is far too precious to waste any time remembering passwords. Instead, let technology do it for you with a Password Manager. I’m fond of https://www.lastpass.com. Let the Password Manager create your passwords, remember your passwords, and auto-enter your passwords.