Good Passwords Don’t Need to Be Changed
There’s a lot of advice out there for proper password management. Each of your passwords should be strong and unique, you should use a secure password manager to store them, and you should use two-factor authentication to add an extra layer of security to your accounts.

There’s one piece of advice, though, that’s a bit of overkill. A lot of advice has been given about changing your passwords often, sometimes as often as every 3 months, but the truth is that it’s not actually doing anything to help your security. The reality is that good passwords don’t usually need to be changed. Changing them only makes sense if your passwords are compromised. After all, if no one knows your password, why change it?

There’s no reason any of your passwords should be guessable. If a hacker is able to guess your password, it’s a bad password and you shouldn’t have been using it in the first place. None of your passwords should be crackable by a computer. A good password, one that’s strong and unique, is inherently uncrackable.

For example, “Lifehacker” takes 8 seconds to crack, while “Lifehackerecaughtcalm” takes centuries. If your password is strong and unique and would theoretically take longer than a human lifetime to crack, there’s no need to change that password in 3 months’ time, in a year, or ever, unless you’re presented with an actual threat.