Changing your password on a regular basis can actually be bad for security.
Part of the reason is that most passwords are compromised through phishing, so their freshness and complexity don't actually play a role in whether they are exposed, Ars Technica reported Monday.
"I could ask people for their strong, complex password … and they'd probably give it to me," Scott Greaux, a product manager at the security firm Phishme, said in the article.
And when users are forced to change their passwords frequently, they may write them down or type them in a spreadsheet, thus making the passwords easier to find.
However, since consumers are likely to use the same passwords across multiple accounts (such as using their email password as their online banking password), there is value in forcing users to change their passwords – it avoids the possibility that one slip-up can expose every account they use.