You’ve probably heard that familiar “change password” advice a lot: If you bank online, change your password on a regular basis. Change it now, change it often; you can’t change it enough.
But provided you have a strong password, that advice is actually outdated. So, how often should you change your bank password? Read on for some guidelines and advice for creating a strong password.
How often should you change your bank passwords?
Several years ago, you’d get advice suggesting that you should change your bank passwords every three months.
You don’t hear that as much for a lot of reasons. For starters, changing bank passwords can get onerous. In fact, some experts suggest that if you change your password too frequently, you’ll make your money less safe because you might be more prone to coming up with easy-to-remember (and easy-to-hack) passwords.
In fact, three cybersecurity experts contacted by Yahoo Finance all said generally the same thing: You actually don’t have to change your bank password at all, provided it’s a really good password.
“I don’t think it is generally necessary to change your password more than once a year,” said Steve Weisman, senior lecturer of law, taxation, and financial planning at Bentley University in Waltham, Mass., and author and creator of Scamicide.com, a cybersecurity and identity theft information website.
“As long as the user implements a long and strong password, and that password is unique to that specific account, then there really isn’t any other reason to change it,” said Robert Siciliano, the CEO of ProtectNowLLC.com, a company that offers cybersecurity employee training.
Fred Scholl, associate teaching professor of cybersecurity and director of the cybersecurity program at Quinnipiac University in Hamden, Conn., also concurs that if you have an adequately intricate password, you really don’t need to change it.
That said, experts agree that there are caveats to these guidelines. For instance, Weisman and Siciliano both say you should immediately change your password if your bank has had a recent data breach.
Tips for creating a strong banking password
There are a number of ways you can create a strong password. Some dos and don’t include:
Do: Use a complex password. Your password should contain more than 12 characters, according to Scholl. That’s in line with what Google recommends.
Don’t: Use the same password for all of your websites. If a hacker figures out one password for your banking website, they can now get into all of your accounts.
Don’t: Use names of pets in your password. If a hacker has been stalking your social media, they know the names of your pets. Now, it’s another story if your pet-themed password is broken up with symbols and numbers. “Rover123!” would be a lousy password, but “Ro!ver$#@123!” would be much better.
Don’t: Use the word “password” in your password. You’ve probably heard that, but it’s done often, and hackers know it. It’s also not recommended to go with something like, “pass1@word.” The hackers are well aware of those tricks, too.
Do: Use a password manager. Scholl is a fan of storing a strong password in a password manager — a software program that stores your passwords in your phone or device for you — since you’re not going to remember multiple, complex 12-character passwords. “Some are free, some are low cost,” he said.
So instead of trying to think of something creative and hack-free and then remembering it, you let the password manager do the creating and remembering for you.
Do: Use a passphrase. If you don’t want to use a password manager, Siciliano suggests going with a passphrase. A passphrase can be a very strong password, and it can be your ticket to not having to change passwords every few months.
“A passphrase such as ‘I love Harleys’ could be turned into ‘1Love1986!Harleys,’ which would be considered long, strong, hard to hack, and hard to crack,” Siciliano said, adding: “That is, of course, as long as you’re using a different passphrase for every account.”
Bottom line
It may help to think of yourself as being in a partnership with your bank. Your bank is presumably doing everything it can to keep your money safe. And if you do your part by developing a strong password, going through the “change password” hassle should be a rare thing going forward. Between the bank’s own security measures and your strong password, your funds should be completely safe.
