Passwords are a pain, but they're the only thing keeping hackers and snoopers out of your accounts. That's why each account needs to have a strong, unique password, and why many people say you should change your passwords regularly.
According to the Federal Trade Commission, however, that last bit of advice might not be the best. Lorrie Cranor, the FTC's Chief Technologist, did a study on students and faculty at Carnegie Mellon University, who are forced to change passwords every 3 months, and uncovered something surprising.
Her research found that people who are required to regularly change passwords create easy-to-guess passwords or re-use the same password for multiple accounts. In fact, users who get annoyed at regularly changing their password make new passwords that are 46% easier to guess than those made by people who aren't annoyed.
She also found that in cases where hackers know your previous password, 41% of the time they can guess the new password in seconds. That's because many people use the same predictable pattern for passwords or just a variation of their old password. That's a big problem if you're changing your password because your current one was exposed in a data breach or you had a data-stealing virus.
The FTC recommends only changing your password if you're worried it has been compromised. And when you do, come up with a completely new password that doesn't have anything in common with your old password.
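As an added illustration (not from the article or the FTC study), here is one way a password-change form could refuse a new password that is only a variation of the old one. The function names, the substitution table and the 0.8 similarity threshold are assumptions chosen for the example, and the sample passwords in the comments are constructed.

```python
import re
from difflib import SequenceMatcher

# Character swaps undone before comparing (illustrative, not exhaustive).
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})
MIN_CORE = 4  # ignore substring hits on very short cores


def core(password: str) -> str:
    """Reduce a password to its base word: drop digits and symbols at
    either end, lowercase it, and undo common character swaps."""
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # An all-digit or all-symbol password has no letters left; keep it whole.
    return (stripped or password).lower().translate(SUBSTITUTIONS)


def is_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """Return True when `new` looks like a tweak of `old`.

    Both values are available in plaintext only at change time, when the
    user types the current password to authenticate; nothing here needs
    the old password to be stored unhashed.
    """
    a, b = core(old), core(new)
    if a == b or a == b[::-1]:
        return True  # same base word, e.g. Tiger2015! -> Tiger2016!
    shorter, longer = sorted((a, b), key=len)
    if len(shorter) >= MIN_CORE and shorter in longer:
        return True  # old password embedded in the new one
    # Catch small edits such as one changed or inserted character.
    return SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    for old, new in [
        ("Tiger2015!", "Tiger2016!"),
        ("password1", "P@ssw0rd2"),
        ("Tiger2015!", "correct horse battery staple"),
    ]:
        verdict = "reject" if is_variation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

A check like this only catches the simplest tweaks; it complements, and does not replace, screening new passwords against lists of breached passwords.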