Spycloud: Frequent Password Changes Are Not the Best Solution
Sergey Stelmakh | 10/18/2019
Ted Ross
It is generally accepted that changing passwords frequently guarantees a higher level of security. However, Ted Ross, CEO of the information security company Spycloud, believes that it is better not to do this, eWeek reports.
Speaking at the recent NetEvents conference in San Jose, California, Ted Ross surprised the audience by questioning the need to change passwords frequently. He said the only time to do so is when they have been compromised. The problem with changing passwords, he explained, is that people tend to choose passwords that are easy to remember, which means they are also easy to guess. When they need to change their passwords, they choose variations of the old password. “We found that the database of leaked passwords is so large that criminals only need to find the old password,” Ross said. “People change their passwords to ones that have already been compromised.”
His words mean that old passwords accumulate on the darknet and can serve as a starting point for testing variants. By comparing several passwords, hackers can see patterns in how a user changes passwords, which makes their job much easier. The more often a user changes them, the more likely it is that one or more versions of old passwords will be discovered. The situation is aggravated by the number of sites that require passwords to log in. “On average, a user uses 200 sites. Remembering such a number of passwords is almost impossible,” the expert said.
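As an added illustration that is not part of the original article, the following sketch shows a check a service could run at password-change time to reject the pattern described above: a new password that is only a variation of the current one or of a leaked one. The breach corpus, the normalization rules and the function names are assumptions made for this example.

```python
import re

# Constructed sample data standing in for a breach corpus (assumption: a real
# deployment would consult a far larger set of leaked passwords).
BREACHED = {"Summer2018!", "dragon", "letmein1"}

# Common character substitutions people use when "changing" a password.
_LEET = str.maketrans("@43105$7", "aaeiosst")


def base_form(password: str) -> str:
    """Reduce a password to the stem a person tends to keep across changes."""
    lowered = password.lower()
    # Drop the counter, year or punctuation appended on each rotation.
    stem = re.sub(r"[^a-z]+$", "", lowered)
    stem = re.sub(r"^\d+", "", stem)
    if len(stem) < 4:
        # Too little left to call it a stem; compare the whole string instead.
        return lowered
    return stem.translate(_LEET)


def check_new_password(current: str, new: str, breached=BREACHED) -> list[str]:
    """Return the reasons to reject `new`; an empty list means it passes.

    `current` is available in plaintext here because the user types it in
    when changing the password; nothing is read back from storage.
    """
    reasons = []
    if new in breached:
        reasons.append("new password appears in the breach corpus")
    new_stem = base_form(new)
    if new_stem == base_form(current):
        reasons.append("new password is a variation of the current one")
    if new not in breached and new_stem in {base_form(b) for b in breached}:
        reasons.append("new password is a variation of a breached one")
    return reasons


if __name__ == "__main__":
    for candidate in ("Summer2019!", "Dr4g0n!", "correct horse battery staple"):
        print(candidate, "->", check_new_password("Summer2018!", candidate) or "ok")
```
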