Online services often ask you to change your password every two or three months to keep your account secure. In fact, it is a very controversial security measure, and many consider it plain wrong.
The Federal Trade Commission's chief technology officer, Lorrie Cranor, debunked the myth earlier this week at a security conference in Las Vegas.
The technologist argued that services requiring periodic password changes can have the opposite effect, making your password less secure. The reason is that when users are required to change their password, they end up reusing their old password with a small change.
A lowercase letter may be changed into a capital letter, or an additional letter or character may be added to the end. Researchers call these small tricks "transformations", and hackers know them very well.
Thus, password crackers can predict these transformations and build them into their scripts and cracking routines.
"UNC researchers have indicated that people who had to change their passwords every 90 days use a pattern and do what we call transformation," Cranor said, according to Ars Technica.
"They get their old codes, change them in some way, and they have a new password."
Cranor relied on a 2010 UNC study that examined data from 7,700 accounts that were required to change their passwords regularly.
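To make the "transformation" problem concrete, here is an added example (not code from the article, from Cranor, or from the UNC study) of the kind of check a password-change policy could run on the defender's side: it normalizes case, strips leading and trailing digits or symbols, and then applies an edit-distance threshold to flag a new password that is merely a predictable rewrite of the old one. The threshold and the sample old/new pairs are constructed assumptions for this example.

```python
import re


def normalize(pw: str) -> str:
    """Strip the cosmetic parts of a password: letter case and any
    leading/trailing digits or symbols (the 'add a character at the end'
    transformation). What remains is the core a cracker's rule set would
    recover from the old password."""
    core = pw.lower()
    core = re.sub(r"^[^a-z]+", "", core)
    core = re.sub(r"[^a-z]+$", "", core)
    return core


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, so that one substituted or inserted character
    in the middle of the password also counts as a near-copy."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trivial_transformation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when `new` is a predictable rewrite of `old`.
    max_edits is an assumed threshold chosen for this example."""
    if old == new:
        return True
    a, b = normalize(old), normalize(new)
    if a and b and (a == b or edit_distance(a, b) <= max_edits):
        return True
    # Fallback for passwords made only of digits/symbols, where normalize()
    # leaves nothing behind: compare the raw (lowercased) strings instead.
    return edit_distance(old.lower(), new.lower()) <= max_edits


# Constructed sample of (old, new) rotations; not real account data.
SAMPLE_ROTATIONS = [
    ("tarheels#1", "tArheels#1"),                  # case change
    ("tarheels#1", "tarheels#11"),                 # character appended
    ("tarheels#1", "tarheels#2"),                  # trailing digit bumped
    ("tarheels#1", "correct horse battery staple"),  # genuinely new
]


def audit_rotations(pairs) -> int:
    """Count how many rotations in a sample are trivial transformations,
    the kind of measurement the UNC researchers made on real accounts."""
    return sum(is_trivial_transformation(old, new) for old, new in pairs)
```

A policy that rejects a new password when `is_trivial_transformation` returns True removes the pattern that makes forced rotation predictable, at the cost of keeping a (hashed, short-lived) reference to the previous password at change time.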
Security expert Bruce Schneier fully agrees.
"I've been saying for years that it's not good security advice to encourage bad passwords."
This does not mean that changing your password is never a good idea. If your password appeared in the data from a major breach such as LinkedIn's, and you use it on other services, you will of course have to change it.
A long password (with many random lowercase and uppercase characters and numbers) is harder to crack, since it reduces the chance that it can be guessed or that it already appears in a dictionary that crackers use.