A: According to NIST (one of the federal groups tasked with creating best practices for cybersecurity), there is no longer any recommendation on password aging. That doesn’t mean it’s not a bright idea to do so, just that there are no recommendations.

The recommendations for passwords are:

  • Use a different password for every site and service.
  • Use only strong passwords – defined as 15 characters or more.
  • Use 2-Factor Authentication whenever it is available.

I add the following recommendation:

I can hear that voice in the back of your head screaming, “A different password for every site, and a minimum of 15 characters? No way I can remember these!”

Life is far too precious to waste any time remembering passwords. Instead, let technology do it for you with a Password Manager. I’m fond of https://www.lastpass.com. Let the Password Manager create your passwords, remember your passwords, and auto-enter your passwords.