Question: When or how often should we change our passwords? A coworker told me they never change their password, and I feel like that is a security risk.

Nebraska Subscriber

Answer: Cybersecurity experts recommend changing your password every three months, but you should change the password immediately if you or your healthcare organization experiences a data incident or cyberattack.
Every organization should practice good cyber hygiene. Creating long and complex passwords for every website you visit, email account, and network you’re a part of will help ensure better security. However, if remembering a long, complex password is difficult, consider using a password manager to securely store every unique password you create. Certain password managers will do the heavy lifting for you and generate a distinct password that meets the website’s requirements.

One of the biggest mistakes you can make when changing your password is choosing one that is already tied to another account. Reusing a password on another account, even if the password is strong, puts the new account at risk. “If attackers guess your password, they would have access to your other accounts with the same password,” explains the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in their recommendations.