Security tip: Don’t change your password
March 7, 2007

If you have used computers for very long, you probably know that it’s a ‘best practice’ to change your passwords every few months. Well, according to this article in the January 2007 edition of Science News magazine, in the future it will be better to keep your old password longer, because not changing it will make it more secure. Let me tell you why.

Back in World War II, Allied forces learned to identify individual Morse code operators by the way in which they tapped out the dots and dashes. Everyone has a slightly different ‘accent’, and those differences could be discerned after monitoring the radio traffic long enough to get used to it. This ended up helping the Allied forces, as they could then tell when the enemy operators were moved and assume that troops were also on the move.

How does this apply to today’s technology? The article talks about ‘digital fingerprints’ and the various ways a person could be identified: by the way they type, by their writing style, and even by their web surfing habits – how they use the mouse, where they click, etc. You should read the article if any of that interests you.

One of these techniques, monitoring the precise timing of a person’s typing (the pattern of taps and pauses between letters), is what could be used, in combination with knowing the password, to strengthen security in the future. That way, even if someone guessed your password, unless they typed it exactly the way you type, they would not be able to gain access to your account. And the longer you use the same password, the better the computer would be able to recognize you, because it would have more sample data to compare against. In that situation, changing your password would mean that the computer would have to learn all over again the various ways you type that word or phrase, and it would not be as secure as the password you used for six months or a whole year. Therefore, not changing your password increases security.
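The idea above, as an added Python example that is not code from the article or from any product: it builds a per-password timing template from the gaps between keystrokes and scores a login with a scaled Manhattan distance, a common keystroke-dynamics measure chosen here as an assumption. The class name, thresholds and sample timings are constructed for illustration.

```python
import hmac
from statistics import mean, stdev
MIN_SAMPLES = 5    # assumed enrollment size before timing is enforced
THRESHOLD = 2.0    # assumed cutoff, in standard deviations per key pair
STD_FLOOR = 5.0    # ms; keeps a very steady typist from having ~zero spread

class KeystrokeProfile:  # hypothetical class, not a product API
    def __init__(self, password):
        self.password = password   # demo only; a real system keeps a salted hash
        self.samples = []          # each sample: gaps in ms between adjacent keys

    def enroll(self, gaps_ms):
        if len(gaps_ms) != len(self.password) - 1:
            raise ValueError("need one gap per adjacent key pair")
        self.samples.append(list(gaps_ms))

    def change_password(self, new_password):
        # Old timings describe a different key sequence, so learning restarts.
        self.password, self.samples = new_password, []

    def score(self, gaps_ms):
        """Scaled Manhattan distance: mean of |gap - mean| / spread per key pair."""
        columns = list(zip(*self.samples))
        parts = [abs(g - mean(c)) / max(stdev(c), STD_FLOOR)
                 for c, g in zip(columns, gaps_ms)]
        return sum(parts) / len(parts)

    def verify(self, typed, gaps_ms):
        if not hmac.compare_digest(typed.encode(), self.password.encode()):
            return "reject: wrong password"
        if len(self.samples) < MIN_SAMPLES:
            return "password only: profile still learning"
        if len(gaps_ms) != len(self.password) - 1 or self.score(gaps_ms) > THRESHOLD:
            return "reject: timing mismatch"
        return "accept"

# Constructed sample data: five logins by the owner typing "hunter2".
OWNER_SAMPLES = [[120, 95, 210, 80, 150, 300], [130, 90, 200, 85, 160, 290],
                 [115, 100, 220, 75, 145, 310], [125, 92, 205, 82, 155, 295],
                 [118, 98, 215, 78, 148, 305]]

def demo():
    p = KeystrokeProfile("hunter2")
    for s in OWNER_SAMPLES:
        p.enroll(s)
    owner = p.verify("hunter2", [122, 94, 208, 81, 152, 298])
    guesser = p.verify("hunter2", [200] * 6)   # right word, wrong rhythm
    p.change_password("correct7")              # template is discarded
    return owner, guesser, p.verify("correct7", [200] * 7)
```

Calling `demo()` returns the three outcomes in order: the owner's rhythm, a guesser who knows the password but types it evenly, and the same guesser right after a password change, when only the password check is left.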

Finally, I should say that unless you are using this new technology (one such product can be found here), you should change your password at least a couple of times a year, if not more often.



