You must use a password. But it is not enough.
Let me explain what I mean. Without a password anybody could have access to your computer and all the information you have stored on it. Having a password makes it more difficult for most people to get into your computer. However, individuals who have spent any time learning about computers know how to get around your password protection. It’s not as hard as you might think. To someone that has pursued this course of action, it can be done in less than 30 min.
So, when somebody tells you that you should change your password every month, go ahead and do that if you wish, but there is no reason to feel good just because you did not. How often do you change the keys to your house? Or do you go out every month or two and get a new set of keys for your car? Of course not. Likewise, there is no substance to the idea that changing your password regularly makes it more secure. It does not.
Put it this way. If somebody has compromised your password and note how to get into your account, they’re not going to take to three weeks to go ahead and help themselves to your data. They can get the data off your computer in a matter of minutes or even an hour. Just because you change your password doesn’t mean they will not get into your account. If they found your password once, they’ll do it again.
I was going to give an example of a very important government agency that had their network compromised by a foreign agency. But before I could get all the details posted, something happened to my post and it just disappeared. Really. I’m not making that up, so I’m not going into any more detail about what I was thinking about. But the point is this: even very powerful institutions have found that there network security is not as good as it should be.
And by the way, and she was not really about passwords all. It was something else which we will not discuss here.