Changing Passwords

Options
kram5819
kram5819
Community Member
in Lounge

Hello,
I have over 170 passwords in my 1password I like to have at least 30 character password minimum with symbols numbers letters, so they look like the made up not used password below

vb?],.aZMJxW=9y5L33b!QG45vMXiMhg#% <<

Not all the websites that I save passwords in allow for a long password, some websites only allow for 15 character passwords. I wonder why those websites don't allow for a longer, stronger password.

Those weak passwords that are less than 25 characters, I change every 6 months.

Having the very long & very strong password that also is protected with two-step authentication is a smart thing to do.

I use2 fa on everything that I possibly can, as well as never EVER reuse a password on any website.

Is it necessary to change your passwords every few months when you have a strong password.

I am curious what your opinion is.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member
    Options

    @kram5819 Websites rate limit password guessing attempts. Even 15 character passwords brute forced by coordinated simultaneous attacks on multiple servers would take centuries to crack.
    So, as long as you're using truly random passwords that have not been used anywhere else, there's no reason to change them. That is, unless you believe the website has been compromised or you've been tricked into entering one into a phishing site.
    In either case it's best to change the password as soon as you are aware. However, in the phishing case the password and 2FA passcode could be used in real-time to lock you out of your account. So the only real protection is "phishing proof" 2FA, like a hardware security key.

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @kram5819:

    We don't recommend changing passwords for no reason other than a certain amount of time having passed, as long as:
    1. Password is already long and secure (preferably generated by 1Password's password generator)
    2. You don't suspect it's been breached (no alerts in Watchtower or similar, and no "oops" on your behalf like posting it somewhere or sending it to someone else)

    Jack

  • kram5819
    kram5819
    Community Member
    edited September 2021
    Options

    Jack
    kind of what I figured all of my passwords are unique and as long as possible if some websites have security protocols where you can only use 15 or so characters I change those often when it comes to using 1password I use 30 plus character passwords with symbols and numbers, and they're all unique no two` of them are the same.
    I use two-step authentication on everything that I possibly can, I use Authy as my two-step authenticator, I've been very happy with authy I've been using authy for a couple of years now, and I haven't had any problems.

    I appreciate you getting on the fourm here and giving me your opinion, it's greatly appreciated

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    On behalf of Jack, you are welcome @kram5819. Likewise, thank you for sharing your setup with the community :+1:

This discussion has been closed.