Really, how often should you update the passwords for your banks?
The adage is no longer relevant.
You’ve undoubtedly heard the well-known “change password” recommendation a lot: if you bank online, make sure to change your password frequently. You can’t make enough changes, so make them now and often.
Though the likelihood of having your bank account stolen is increasing, that advice is actually out of date if you use a strong password. The Federal Bureau of Investigation reports that in 2023—the latest year for which these figures were compiled—the Internet Crime Complaint Center (IC3) received 880,418 cybercrime complaints from the general public in the United States, with claimed financial damages exceeding $12.5 billion. That constituted a 22% rise in losses and an approximately 10% increase in complaints over the previous year.
Anecdotally, one of the biggest banks in the world, JPMorgan Chase, has reported that there has been a noticeable rise in cyberattacks on its financial institution.
Thus, how frequently should your bank password be changed? Continue reading for some pointers and suggestions on how to make a secure password.
How frequently should your bank passwords be changed?
The internet is full of contradictory advice, in part because outdated information is mixed in with more recent recommendations. It used to be customary, a few years ago, to receive instructions advising you to change your bank passwords every three months.
There are several reasons why you don’t hear that as much. Changing bank passwords might be tedious, to start. In fact, according to some experts, changing your password too often may make it easier for hackers to steal your money because you’ll likely use passwords that are simple to remember and quick to guess.
Actually, according to three cybersecurity specialists that Yahoo Finance consulted, you don’t really need to update your bank password at all—as long as it’s a strong password.
According to Steve Weisman, senior lecturer in law, taxation, and financial planning at Bentley University in Waltham, Massachusetts, as well as the creator of Scamicide.com, a website that provides information on identity theft and cybersecurity, changing your password more frequently than once a year is generally not necessary.
Robert Siciliano, CEO of ProtectNowLLC.com, a company that provides cybersecurity staff training, stated that “there really isn’t any other reason to change it as long as the user implements a long and strong password, and that password is unique to that specific account.”
Fred Scholl, an associate teaching professor of cybersecurity and the head of Quinnipiac University’s cybersecurity program in Hamden, Connecticut, agrees that you probably don’t need to change your password if it is incredibly complex.
When is the right time to update your bank password?
Everyone acknowledges that the advise to “change password” has some limitations. According to Scholl, a strong password should ideally be difficult, and multi-factor authentication should be supported by your bank. At that point, your bank uses more than simply a password to confirm your identity. For example, your banking organization may offer facial recognition or text you a one-time code to use your bank app.
Weisman and Siciliano agree that if your bank has experienced a recent data breach, you should discard the advise to change your passwords once a year or never. You would then change your bank password right away.
Otherwise, there’s no need to change your password frequently if your bank is as secure against hackers as it likely claims to be.
Advice on how to make a secure banking password
You may make a strong password in a variety of methods. Among the dos and don’ts are:
Do make your password complex. According to Scholl, your password should have more than 12 characters. That is consistent with Google’s recommendations.
Don’t: Enter the same password on every website you own. A hacker can now access all of your websites if they manage to crack the password for your banking website.
Don’t: Make your password contain pet names. Your pets’ names are likely known to a hacker who has been following you on social media. If your password with a pet theme is broken up with digits and symbols, that’s a different situation. “Ro!ver$#@123!” sounds like a far better password than “Rover123!”
Don’t: Make your password contain the term “password.” That’s probably nothing new to you, but hackers are aware of how frequently it’s done. Additionally, using anything like “pass1@word” is not advised. The tricks are also widely known to the hackers.
Use a password manager, please. You won’t remember several, intricate 12-character passwords, so Scholl suggests keeping a strong password in a password manager, which is a piece of software that keeps your passwords on your phone or device. He remarked, “Some are low cost, some are free.”
Therefore, you allow the password manager to create and remember passwords for you rather than having to come up with something original and hack-proof and then remembering it.
Do: Establish a passcode. Siciliano advises using a passphrase instead of a password manager if you’d rather not use one. You may be able to avoid changing your passwords every few months by using a passphrase, which can be an extremely powerful password.
As long as you use a distinct passphrase for each account, Siciliano explained, “a passphrase like ‘I love Harleys’ could be turned into ‘1Love1986!Harleys,’ which would be considered long, strong, hard to hack, and hard to crack.”
In summary
Imagining yourself as a partner with your bank could be helpful. Presumably, your bank is making every effort to protect your funds. Additionally, if you take responsibility for creating a strong password, you shouldn’t have to deal with the inconvenience of changing it too often in the future. Your money should be totally secure thanks to your strong password and the bank’s own security precautions.