Should I change my master password?
Simple question: I've had the same master password for the past four years, should I change it? What are the pros and cons of changing?
Comments
Hey @1200gs 😊
Security experts do not recommend changing passwords at arbitrary times, as it encourages bad behaviour and offers no security benefit if there is nothing wrong with the existing password.
With that in mind, there's no real benefit to changing your Master Password when you have no reason to suspect it's been breached or compromised (provided you've not used your Master Password anywhere other than as your Master Password).
That being said, on the flip side of this conversation, there's no harm in changing your Master Password either.
We try to make our security recommendations as real-world as possible. There are certain situations for which the most appropriate posture is "assume the worst" (like never sharing your Master Password with anyone else), but there are many other situations (and this is one of them) where spreading FUD by adopting a "sky is falling" approach not only isn't accurate, but the corresponding recommendations that would accompany such an approach are also not necessarily all that helpful in most cases, and can actually result in some users taking steps that get them into trouble.
Now, I generally like to provide some factual documentation to back up our suggestions in cases like this, and as there's really no "article" per se from NIST directly, here's an external article that summarizes password management guidelines (which differ from the older ones from the early 2000s), along with a link to NIST's actual new guidelines (considerably lengthier!).