Gizmodo gives poor password advice

Gizmodo gives poor password advice

Gizmodo gives poor password advice

On Friday, popular tech news site Gizmodo published an article with the title: “Go Update Your Passwords Right Now”:

Hey, you, casual internet user. Why not go and update your passwords right now? I’m not trying to boss you around or anything, but semi-frequent password changes are widely considered a great way to avoid getting hacked and having your information spilled all over the web.

Well, I don’t agree with the advice from Gizmodo.

I think the time to change your password is if you believe there’s a good reason to change your password – for instance, if you think your password may have been breached, or if you believe you may have chosen a weak password or reused the same password in multiple places.

Check out the video I made four years ago on this very subject.

Should you really change your passwords frequently? | Graham Cluley

Enforcing or encouraging users to change their passwods can lead to people falling into the trap of choosing weaker passwords rather than strengthening their security.

Imagine, for instance, working at a company where you are asked to change your password on the first day of every month.

Workers could all too easily grow fatigued of conjouring up (and remembering) new passwords and find themselves choosing passwords like:

    bananajan
    bananafeb
    bananamar

and so on…

EmailSign up to our newsletter
Security news, advice, and tips.

No less an authority than NIST, the National Institute of Standards and Technology, has also advised against companies and services requiring users to change their passwords unless there’s a good reason:

Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.

When there are good reasons to change your passwords, you should definitely change them – and make them strong, hard-to-crack and unique. I recommend using a password manager to generate random passwords and to store them securely for you.

But if you don’t need to change your passwords, maybe you shouldn’t.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *