In CEO World Magazine, 4iQ CEO Monica Pal discusses the use of mandatory periodic password resets and why it may be an outdated practice. Although there are legitimate reasons for companies to enforce password updates, doing so is often unnecessary.
Experts have argued that forced resets cause individuals to create weaker passwords as replacements, undermining the reason for resetting the password in the first place.
Having unique, complex passwords for all your accounts (a password manager can help with this), using multi-factor authentication when possible, and not sharing your passwords with other people are just some of the ways you can mitigate your risk of a breach.
The security world is adapting: last year, Microsoft dropped its password-expiration policy, no longer recommending forced periodic password changes. The National Institute of Standards and Technology issued guidelines in 2017 for password management, noting that industry best practices now call for fewer password changes. It is in a company’s best interest for employees to keep a strong password rather than begrudgingly switch to a weaker one. Experts are even starting to discuss alternatives to passwords, such as biometric authentication (biological measurements used to identify individuals) or microchipping.