Top 8 Most Important Passwords to Change
Our computer and device passwords secure everything from banking information and social security numbers to college transcripts and private messages. We might assume that our most important passwords should be changed regularly, but good password habits and password managers are rewriting the password playbook.
Password security risks for 2023
Creating, storing, and remembering passwords has become more difficult and more critical at the same time. There are five main reasons for this:
- More accounts and passwords than ever: With the average person now maintaining 70 to 80 passwords, it has become too difficult to consistently create and remember so many passwords. This has led to an uptick in bad habits like reusing existing passwords, creating very similar passwords, and storing passwords on notepads and in digital files.
- Use of various devices: The sheer volume of accounts and passwords has been compounded by the use of multiple devices, including cell phones, laptops, and tablets that all need to be secured. When personal devices are used for work tasks, company data can be exposed to more security risks.
- Remote working and travel: Our apps and accounts are now carried with us everywhere we go, which makes passwords more vulnerable to prying eyes or cybercriminals who rely on unsecured private WiFi networks to intercept data. A VPN (virtual private network) protects home workers and travelers in public settings by routing and encrypting all incoming and outgoing data through a secure portal.
- Cyberattacks: Phishing emails enticing us to click on unsafe links, malware designed to disrupt normal computer operation, and keylogging tactics that record our keystrokes are among the hacking techniques intended to compromise password security. These nefarious attacks continue to grow more frequent each year as more of our credentials end up on a scammer’s hacked passwords list, which can be sold on the dark web.
- Unprotected passwords: Writing passwords on a Post-It note or saving them in a document on your computer leaves them unprotected. Constantly forgetting and resetting your passwords is a pain, and if someone gains access to the email you use for resetting passwords, they have the key to unlock all your online accounts. Of all the tools developed to protect passwords, especially amid the uptick in cyberattacks, password managers stand apart. They generate, encrypt, store, and autofill passwords so you don’t have to, providing security, efficiency, and convenience.
3 reasons to not change passwords regularly
Mandatory, periodic password resets have conditioned many of us to believe that simply changing a password is the best way to make it more secure, but that’s not always the case. Forced or rushed password changes can actually have the opposite effect due to:
- Similar passwords: We often make only minor changes to existing passwords, updating one or two characters in a rush. According to NIST, these minor changes do little to improve security since brute-force attackers are aware of this practice.
- Password reuse: Reusing passwords is another natural response to forced password changes and account overload. After all, it’s easier to remember one password than 100. This habit puts many accounts at risk since they can all be compromised if that one password is poached.
- Wasted time: Frequently changing passwords and trying to remember all your new ones can be a time-consuming hassle that really adds up. It can also lead to less secure password storage habits, like jotting down new passwords in a notebook so you have them handy for next time.
3 reasons to change your passwords as needed
Are you asking yourself how to change all your passwords to more secure ones? While changing your passwords regularly is no longer recommended, there are some instances when creating a new password is a wise move:
- A company you have an account with experiences a hack or breach: Whether you hear about the hack or breach in the news or the organization reaches out to you directly, the safest option is to change the impacted account’s password immediately. Make sure it’s long, complex, and random—and nothing like your old password.
- You share an account with someone engaging in unsafe password practices: If you share a work account with a coworker, such as Twitter, or a personal account with family and friends, such as a streaming service, safe password management is even more important. If you suspect someone has unsafely shared or stored a password for one of your accounts, it’s best to update the password and notify others on the account.
- Your password is weak: If any of your passwords are not long, random, and complex, they are considered weak. This makes them easier to guess and steal. Changing all weak passwords will protect your online accounts from cybercriminals.
Top 8 most important passwords to change
If many of your passwords are weak and need to be updated, it can be hard to know where to start. To make things easier, here are the most important passwords to change first:
- Email accounts
Many of your most critical passwords are also among your oldest and least frequently changed, and email passwords are no exception. These passwords don’t provide direct access to financial information, but as a 2FA option, they create a path to other important accounts. In other words, an intruder can use an email account to systematically unlock many accounts. Fortunately, the Dashlane Authenticator app replaces emailed codes with rotating tokens to make accounts that are compatible with 2FA more secure.
Other dangerous, unwanted actions that can result from lost or stolen email passwords include malware or spam being sent to your contact list and personal information being lifted from your previous email messages.
- Banking and credit card accounts
If you’ve experienced fraudulent charges on your debit or credit card but failed to update the online password associated with the account, you’re not alone. Banking and credit card account passwords can also become stagnant, which can be dangerous when they consist of common and simple phrases or personal information like names and birthdates. Many financial institutions have taken proactive steps to safeguard the password security of their customers by implementing 2FA and increasing minimum password character counts.
- Healthcare accounts
Healthcare information like your medical history also deserves to be treated with the highest regard for privacy and password security. Under the Health Insurance Portability and Accountability Act (HIPAA) in the U.S., guidelines for 2FA implementation, login attempt monitoring, and the changing, creating, and safeguarding of passwords have been created to protect patient privacy rights. If you make appointments or check test results using an online portal, make sure your password is secure.
- Work accounts
Passwords that provide access to your work computer, business accounts, and systems are often scrutinized and controlled more closely by employers, but this does not diminish their risk or importance. Given the pre-ordained password reset intervals at many companies, 54% of workers are reusing passwords across multiple business accounts. Many businesses use password managers to reduce the risks from remote working, password sharing, and unsecured WiFi.
- School accounts
The passwords used to access online classes and grades might seem less critical, but in the wrong hands, these passwords can expose personal information like social security numbers, birthdates, and payment accounts. Schools and universities have become prime targets for cyberattacks, including ransomware, based on the deep troves of valuable data they maintain and their increased reliance on virtual communication.
- Retail and streaming services
Much like bank or credit card accounts, retail and subscription service account passwords can provide direct access to confidential financial information, along with other identifiers like phone numbers and addresses. Many retail and home entertainment account passwords, such as Netflix and Amazon, are likely to be shared with friends or family members, which increases your vulnerability if those friends or relatives are ever impacted by a cyber crime.
- Government websites
Government and accounting services, such as the IRS, maintain our detailed financial information, along with important identifiers like social security numbers and address histories. Fortunately, many of these websites have continued to strengthen cybersecurity standards by implementing 2FA, tokens, and encryption to keep password resets to a minimum.
- Dating apps
Dating websites and apps have also become targets for scammers, hackers, and imposters. Much like school accounts, dating services capture confidential client information like birthdates and addresses, along with personal photos and messages. Since many dating apps don’t offer 2FA or encryption, installing a password manager is recommended to supplement your online privacy and security.
What makes a password secure?
Here are some additional guidelines you can follow to significantly improve your password hygiene:
- Long, random, and complex: How long should passwords be? Although the number of characters is important (12 is much better than 8), the characters should also be a mix of uppercase letters, lowercase letters, numbers, and special characters to create random and complex passwords. Common words and personal phrases or numbers like your first name, pet’s name, or birth year should be left out.
How long would it take to hack my password? That also depends on the length and complexity. The best hacking software would take 34,000 years to crack a 12-character password with at least one uppercase letter, one symbol, and one number.
- Not shared insecurely with others: Sharing passwords for retail and streaming service accounts is common. Passwords for workplace applications are also shared between employees. If an individual you have shared a password with is impacted by a cybercrime, your identity and information become vulnerable as well.
Dashlane provides an encrypted portal for password sharing that allows you to transfer password information securely without sacrificing privacy or increasing vulnerability.
- Safely stored (and encrypted): Storing passwords in a digital or physical file is the least safe option. Storing them in built-in browser password managers that back up your information on their servers is only slightly safer because these browser password managers don’t encrypt your passwords, making them vulnerable in a breach. Password managers that use zero-knowledge architecture, such as Dashlane, are safest because they encrypt and store your password data on highly secure, hosted cloud servers.
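The sketch below is an added example, not part of the original article or any Dashlane code. It applies the criteria above (12 or more characters, all four character classes, no personal terms) together with the earlier warnings about reused and near-identical passwords to a local account-to-password mapping. The 0.8 similarity threshold, the finding labels, and the sample vault are assumptions constructed for illustration.

```python
import difflib
import string
from collections import defaultdict

MIN_LENGTH = 12              # the article's "12 is much better than 8"
SIMILARITY_THRESHOLD = 0.8   # assumption: at or above this, a change counts as "minor"

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Summer2022!",
    "bank": "Summer2023!",
    "streaming": "Summer2022!",
    "work": "q7#Lv9!zRw2@Xe4p",
    "school": "rex1987rex1987",
}

def has_all_classes(pw):
    """True if pw mixes uppercase, lowercase, digits and special characters."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def audit(vault, personal_terms=()):
    """Map each flagged account to a sorted list of findings."""
    findings = defaultdict(set)
    for account, pw in vault.items():
        if len(pw) < MIN_LENGTH:
            findings[account].add("short")
        if not has_all_classes(pw):
            findings[account].add("missing-character-class")
        if any(t and t.lower() in pw.lower() for t in personal_terms):
            findings[account].add("personal-term")
    accounts = list(vault)
    for i, a in enumerate(accounts):
        for b in accounts[i + 1:]:
            ratio = difflib.SequenceMatcher(
                None, vault[a].lower(), vault[b].lower()).ratio()
            if vault[a] == vault[b]:
                tag = "reused"       # one leak exposes both accounts
            elif ratio >= SIMILARITY_THRESHOLD:
                tag = "similar"      # a one- or two-character variant
            else:
                continue
            findings[a].add(f"{tag}:{b}")
            findings[b].add(f"{tag}:{a}")
    return {acct: sorted(f) for acct, f in findings.items()}

if __name__ == "__main__":
    for acct, issues in audit(SAMPLE_VAULT, ("rex", "1987")).items():
        print(acct, issues)
```

Accounts with no findings are omitted from the result, so the output doubles as a to-do list of passwords to replace first.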
How Dashlane helps secure your passwords
The Dashlane password manager allows you to maintain all your most important passwords in one secure application. Automatic password generation and encryption eliminate the need to create, remember, and reset complex passwords for each account. Security and efficiency improve as Dashlane creates, stores, and autofills complex and unique passwords for you.
With Dashlane as your trusted partner, you will never have to worry about changing passwords again. Start using a personal plan or get a free trial of a business plan today.