I think advice to change passwords regularly is bad!

Nope, makes sense to me. A secure 13 character password with capital letters, numbers, and symbols would take thousands of years to brute force.

You shouldn't use the same one on every website though, obviously.

If every security firm, analyst, expert etc... Says your wrong, your more then likely wrong !!

I read that Paypal hackers will watch your account for weeks, sometimes for months, to gauge the activity so they can strike when they can maximize their take.

Actually, Robin has a point! Let's look at this logically!

1. Maybe you have a keylogger, or virus. Changing your password, or merely logging in is STUPID!
2. Ongoing, Changing your password is just DUMB! It increases the chance of hitting a group they try, and breaches of all sorts. ALSO, you will get less adept at it.
3. OK, NOW you cleaned your system. SUPPOSEDLY, the viruses and/or loggers, etc... have been removed!

What about changing the password NOW?

WELL if you NEVER had a breach, or your system is still infected, it is DUMB!

If your system is still infected, MAYBE it will frustrate things, MAYBE!

If your system is now clean, it makes what they have WORTHLESS!

So I think they suggest changing your password constantly merely because you NEVER know when there is a breech.

Steve

I agree somewhat and rarely change my own strong passwords.

But one critical thing it protects against is hacks against your service provider.

Big hacks like Target get lots of media but many sites are hacked and userids/passwords stolen and sold around the"dark web" with little news or alarm.

Changing your password regularly makes any password information that may have been stolen invalid. As opposed to rushing and changing it when you read "... servers hacked and a million passwords stolen".

Another thing to realize is if you login with an email and password, hackers will immediately try that email/password combination at other sites that use your email as a login. Like facebook and gmail.

If you really want to use secure ids/passwords and use different user names, differnt passwords and change passwords frequently then I'd use a password manager that does all of it automatically and securely for you.

So you work someplace that requires a password change every 3 months. They require at least 10 characters, at least 1 upper case, 1 number and 1 character.

Then they say "Oh, don't write it down!"

Just how the heck are you supposed to remember a password like hgY6sw2/F9 without writing it down? LOL.

Actually though, I do have a PW system that allows me to use strong PWs and also remember them. But most people I know don't. They write them down.

I had some up and down letters with numbers for my password, but still it is hard to remember for every site with unique password.

Passwords are boring.
That's why I dig the TouchID sooo much.

For example, game streaming platform Twitch was just hacked and lost username/password combinations.

If you use Twitch you have been compromised.

If you use the same username. email or password on any other sites then they are also now vulnerable because hackers have your login details from Twitch.

Twitch warns users of possible hacking incident - Technology & Science - CBC News

My computer was hacked with a keylogger some time ago because I got sloppy and didn't scan it with AV/AS frequently enough. Sure as heck, as soon as I updated my AS software and scanned, the AS found the keylogger and deleted it.

The hacker, who was from China, had stolen the password from one of my email accounts and had sent spam to my whole address book. Luckily, I only had seven contacts in that account, six of which were other email accounts of mine. That was how I found out the account had been hacked into: I received an awfully written spam from my own account. As a professional writer who takes pride in what I write, I was horrified to see something so poorly written be associated with me (even if it came from a hacker).

After that, I started using a password manager, LastPass. It keeps all my passwords and generates difficult-to-guess passwords for each login account I have. I only have to remember the master password to get into my account. Of course, nothing is perfect and if someone ever hacks into LastPass....

You might also want to try using a password-protected spreadsheet to keep track of all your passwords, including the date you created them, so you can update them whenever you want. Of course, you'll have to take the spreadsheet with you if you plan to login into any of your accounts while you're away from your computer. Or you can store the spreadsheet "in the cloud" so you can access it from wherever you are--but it could potentially be stolen that way. As I mentioned before, no system is perfect.

Regardless, it's always good practice to update your passwords from time to time and make sure you update your AV/AS software and scan your computer regularly. The two things go hand in hand more than you could imagine.

Well I think changing password frequently is bad also.. just imagine that everyday you change your password. How about when you forgot your password because you change it everyday. I experienced that there are so many password that I created and now I am struggling to remember the updated one. Just try to type password that cannot hack the others. Put a very long password.

I think it was Edward Snowden (?) who said you should use pass-phrases rather than passwords. Something like a favourite saying, an in-joke or something like that. Mix up capital and lower case letters in that phrase and add a number or two.