InfoSec Blog - When Should I Change My Password?


January 10, 2017

Passwords are a staple to the security of the information contained in our accounts.  Their demise has long been predicted, but they continue to have an important role.  At the U of G you use your Central Login Account often and it gives access to most of your work information.  The password is the gateway to your account, you type it often, and the key sequence often enters our subconscious, procedural memory. When should we change something which is so much a part of us?

  • At least once per year. More often on some critical systems. You could make this a New Year’s resolution, and keep it right away!
  • If you have logged in at one or more untrusted Wi-Fi sites, such as hotels or airports.
  • When you have accidentally clicked on a suspicious link e.g. from a phishing email
  • When CCS InfoSec notifies you that your email address was associated with an external breach, such as a website. Note: we recommend strongly not to use your email address to register at external websites not directly required for school or work.
  • When you can’t remember how long ago it has been since you changed it.
  • If you have shared your password with anyone, used your UofG password for another site, or saved it on a shared computer. (Note: We recommend/have policy against all these practices!)

Finally, we would recommend not to change the password at a time when you do not have opportunity to get used to the new one.  A Friday afternoon, or just before a holiday is not generally the best.  Remember too, that you may have mobile devices which automatically check your email, which will have to be re-synchronized.  

Written by: Gerrit Bos (IT Security Officer, CCS Information Security)