At my local bank I have setup an online account for my checking account, to monitor activity, of the 5 electronic transfers to the account I receive per month. My local bank insists that the password to my account must be changed ever month, which I have assumed was for my own safety and to protect the account from access by outsiders. I have gone along with the program for the past several years feeling that this was a great idea, even though I have felt it was a PITA. Now some are beginning to say that changing passwords may be a waste of time.
According to one study it has been concluded what many of us have suspected for a long time. According to a recent article it states that:
You will need a computer password today, maybe a half dozen or more — those secret sign-ins that serve as sentries for everything from Amazon shopping carts to work files to online bank accounts. Just when you have them all sorted out, along comes another “urgent” directive from the bank or IT department — time to reset those codes, for safety’s sake. And the latest lineup of log-ins you’ve concocted won’t last for long, either. Some might temporarily stay in your head, others are jotted on scraps of paper and stuffed in a wallet. A few might be taped to your computer monitor in plain view (or are those are from last year’s batch? Who can remember?).
Now, a study has concluded what lots of us have long suspected: Many of these irritating security measures are a waste of time. The study, by a top researcher at Microsoft, found that instructions intended to spare us from costly computer attacks often exact a much steeper price in the form of user effort and time expended.
“Most security advice simply offers a poor cost-benefit trade-off to users,” wrote its author, Cormac Herley, a principal researcher for Microsoft Research.
Particularly dubious are the standard rules for creating and protecting website passwords, Herley found. For example, users are admonished to change passwords regularly, but redoing them is not an effective preventive step against online infiltration unless the cyber attacker (or evil colleague) who steals your sign-in sequence waits to employ it until after you’ve switched to a new one, Herley wrote. That’s about as likely as a crook lifting a house key and then waiting until the lock is changed before sticking it in the door.
When I first read this article I wondered how this would have an affect on the banks and IT departments that insist passwords be changed? Will banks and IT departments agree with or revoke the survey as bunk?
I personally believe that changing passwords is a good idea. Even though it may give me a false sense of security, it does make one feel that they are at least trying to do something to protect ourselves.
What about you? Do you feel it is a waste of time or a good security measure?
Share your thoughts.