Does changing your password really make a difference?


One of the most common pieces of advice in the wake of a major security breach is to change your password. Often. Let’s take a look at a competing argument: Don’t change your password because frequent changes won’t really keep you safe. The basic gist is this: regularly changing your password gains you nothing because if you’re not already compromised, you’re just swapping out a secure password for another secure password.

Earlier this year, Kirk Lennon published a blog post espousing this point of view. But it’s nothing new. In 2010, Computerworld offered similar advice, and in 2012, Gizmodo published this tongue-in-cheek piece balancing security needs with sanity.

If someone compromises your account through script hacking, they’ll most likely change your password immediately to solidify their control of your account. Ultimately, frequent password changes offer minimal security benefit at the cost of more inconvenience. And the more often you change your password, the more likely it is that you’ll choose a weak password, one that’s so complex that you won’t remember it, or one that is recycled from another web app.

This is not to say that you shouldn’t ever change your credentials. If you accidentally forget to log out on a public computer or share your password with someone whom you no longer trust, by all means change it. But, as a rule, if you have a strong password and haven’t been careless with it, the passage of time will not make the password less strong.

So, to change the password or not to change the password? There are compelling cases to be made on both sides.

Silo ends these arguments. If you’re using Silo, you never have to enter your credentials. You just log into the browser in the cloud, and we connect for you over a secure connection. When you finish your transactions or work, just close Silo and the session information is immediately deleted.

And for businesses that use Silo for their employees, it is even more powerful. Let’s say you have to let an employee go. They’re not happy, and you’re worried that they may log into the system and take sensitive data or commit some kind of sabotage or other harmful act. Terminating their access to corporate web apps and other services is a simple matter of toggling a switch within Silo. Instead of terminating several different accounts across multiple platforms (a potentially time-consuming task with plenty of opportunities to miss something), you just have to click a single button.

Whether you use Silo, a password manager, multi-factor authentication, or some other enhanced security measure, the fact is that passwords just aren’t enough to keep you secure anymore. And a strong argument can be made that changing passwords every three or four weeks won’t keep you any safer. It may, however, give you a headache.