
Do You Really Need to Change Your Passwords Every Three Months? Short answer: Yes. Here's why.

By Mikal E. Belicove

Opinions expressed by Entrepreneur contributors are their own.

Q: Do I really need to change my passwords every three months?

A: Yep. Let's face it, when it comes to online security, the weakest link is our collective refusal to create, memorize and change our passwords every 90 days, as the National Security Agency's Systems and Network Analysis Center suggests.

The only solution is to use a different password for every single site you visit, according to Tara Kelly, who co-founded Passpack, a web-based password-management provider that was later sold to Utah-based Kemesa Holdings. With the surplus of sites we enter on a daily basis, the only way to remember all that information is to not have to remember it at all.

"That's what password managers are for," Kelly explains.

We asked her to elaborate on password best practices.

Is there an alternative to memorizing complex new passwords every 90 days?
Consider using a password phrase. Instead of, for instance, "gaga72013," use a whole sentence, along with spaces and punctuation. Something like "Lady Gaga rocks my world!" is strong, and it'll bring a smirk to your face every time you type it in.

But what if a site doesn't support password phrases?
This is where a password manager can be put to good use. Many password managers are free, and they not only store your passwords, they also generate complex monsters like "4C!rhxn-KAnw&w5" for you. You only need to enter your master key password once to open the password manager, and it takes care of entering the rest of your passwords.

Some people talk about creating their own informal password algorithms. Is this something you recommend?
While it's better than reusing the same password across sites, it's not as safe as a completely random password or a well-constructed pass phrase. One example of a password algorithm that people frequently use is (name of site) + (birth year) + (cat name). In this case the birth year and cat name never change; the only thing that makes the password unique is the name of the site, which is different for every site you log into. Problem is, password algorithms can be easily reverse-engineered, especially if a hacker targets you specifically. Once the attacker discovers your system, it doesn't matter that each password is unique. They can easily figure them all out.
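The weakness described in that last answer, shown as an added example (not from the article or from Passpack): a short Python audit of your own saved passwords that reports when they share a "(name of site) + constant" scheme. The site names and password values are constructed sample data, and `template_of` and `audit` are hypothetical helper names.

```python
from typing import Optional


def template_of(site: str, password: str) -> Optional[str]:
    """Replace the site's name inside the password with a placeholder.

    Returns None when the password does not contain the site name.
    """
    host = site.lower()
    if host.startswith("www."):
        host = host[4:]
    label = host.split(".")[0]
    pos = password.lower().find(label)
    if not label or pos < 0:
        return None
    return password[:pos] + "{site}" + password[pos + len(label):]


def audit(vault: dict) -> dict:
    """Report the most widely shared template and the sites that follow it."""
    by_template = {}
    for site, password in vault.items():
        tpl = template_of(site, password)
        if tpl is not None:
            by_template.setdefault(tpl, []).append(site)
    # A template only counts as a scheme if at least two sites share it.
    shared = {t: s for t, s in by_template.items() if len(s) >= 2}
    if not shared:
        return {"template": None, "sites": []}
    tpl = max(shared, key=lambda t: len(shared[t]))
    return {"template": tpl, "sites": sorted(shared[tpl])}


# Constructed sample: the interview's scheme, (site) + (birth year) + (cat name).
PATTERNED = {
    "example.com": "example1985Whiskers",
    "shop.example": "shop1985Whiskers",
    "www.mail.example": "mail1985Whiskers",
}
# Constructed sample: unrelated values such as a password manager would generate.
RANDOM = {
    "example.com": "4C!rhxn-KAnw&w5",
    "shop.example": "t7#Qm2vLz@9pXe",
    "www.mail.example": "Hq8$dR1!nWc5uYb",
}

if __name__ == "__main__":
    print(audit(PATTERNED))
    print(audit(RANDOM))
```

A non-empty `template` means the only per-site variation is the site name itself, so every password in the set stands or falls together; those entries are the ones to replace with generated values.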

Mikal E. Belicove is a market positioning, social media, and management consultant specializing in website usability and business blogging. His latest book, The Complete Idiot’s Guide to Facebook, is now available at bookstores. 
