Passwords are like smoke detector batteries

Scott Wright at Security Views has this great idea regarding when you should change your passwords.

If you’ve changed your smoke detector batteries more recently than you’ve changed your passwords, then you should think about changing some of them now.

If you can change passwords more often, great. But I realize that some of us have upwards of 25 passwords to manage on a regular basis. It’s not fun having to change them all. But with the number of security breaches at websites these days, it’s only a matter of time until somebody gets one of your passwords. And if you use the same password across all your accounts, hackers will have a pretty easy time assuming your identity at places like eBay, PayPal, Amazon, etc.

That’s a great plan. Think about changing your passwords every time Daylight Savings time changes. Of course, nobody does the 6-month symmetric Spring and Fall time change any more. Now it’s a lot more asymmetrical, like early Spring and early Winter, and I’m guessing that it won’t be too long before we do away with Daylight Savings time altogether (or go with it exclusively).

I’ve switched from the free open source Password Safe password manager to the similarly free open source KeePass (for Windows) and KeePassX (for Linux and OS X) password managers precisely because KeePass supports password expiration. So I have some passwords that expire annually, some semi-annually, some quarterly and even a few monthly. So I’m thinking that it would be good to try the inverse of Scott’s idea and set my smoke detector batteries to expire every 6 months in KeePass.