You know the advice about changing passwords often? You're likely doing it wrong

We’re not exactly great at coming up with new and original passwords.

WHEN IT COMES to password security, you’re sometimes told to change your password regularly so your account is safe from anyone who tries to access it.

The logic is as follows. If you’re changing it regularly, then it’s harder to guess what your password is and therefore harder to access your account.

It turns out it’s a flawed idea according to one security expert, the US Federal Trade Commission’s chief technologist Lorrie Cranor, who confirmed it at a security conference in Las Vegas recently.

The problem with this advice is it assumes you’ll change your password completely. Most people won’t go to that effort. Instead, they’ll just change a character in their old password.

They might replace a small character with a capital letter, or just add an extra letter or number to the end. Instead of a new password, they are using a slightly modified version of an old password.

“The UNC (University of North Carolina) researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation,” Cranor said at the event. “They take their old passwords, they change it in some small way and they come up with a new password.”

The research she’s referring to is a UNC study from 2010 which looked at 10,000 expired accounts from employees or students who were required to change their passwords every three months (they obtained the cryptographic hashes which protect these accounts).

The data included the last password used and passwords that changed over time. One of the most common patterns they found was how often people would just change or add a character to their existing password.

These slight changes are what hackers and other bad actors rely on as they’re easy to guess. Developing a program which automatically guesses the most common passwords is usually one way for someone to gain access to accounts.
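A defender-side check for the transformation pattern described above, as an added example that is not from the article or the UNC study: at password-change time, when the user has just submitted both the old and the new password, reject a new one that is only a small transformation of the old. The function names, the sample passwords and the two-edit threshold are assumptions chosen for illustration.

```python
import re
from typing import Optional


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def core(password: str) -> str:
    """Lower-case the password and strip digits/symbols from both ends."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def transformation_reason(old: str, new: str, max_edits: int = 2) -> Optional[str]:
    """Return why `new` is a small transformation of `old`, or None if it is not."""
    if old == new:
        return "identical"
    if old.lower() == new.lower():
        return "case change only"
    if core(old) and core(old) == core(new):
        return "same core, different digits/symbols at the ends"
    if edit_distance(old.lower(), new.lower()) <= max_edits:
        return f"within {max_edits} character edits"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old, new); none come from the study's data.
    samples = [
        ("tarheels1", "Tarheels1"),
        ("tarheels1", "tarheels2"),
        ("tarheels1", "tarheels1!"),
        ("tarheels", "tarheelz"),
        ("tarheels1", "correct horse battery staple"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {transformation_reason(old, new) or 'accepted'}")
```

The comparison only works while both plaintext passwords are in hand during the change request; stored hashes cannot be compared this way.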

That’s not to say you shouldn’t change your password ever, but the aim is to make it long and random. Also, if you’re reusing the same one for different sites – which is a terrible idea – you should change that immediately. Using a password manager to help remember complex passwords is one of the best ways of solving this.
