How can Frequent Password Reset Pose a Threat to your Business


By Yess Velázquez

When you read or listen to advice on preventing security risks, one of the most popular recommendations is to change or reset your password so that it is stronger and safer. But when passwords are changed frequently, that can threaten your account, and not only yours but your business's too.

When passwords are changed frequently, you not only need to remember the new password every time, you also need to update it in your password manager. That time is wasted when the password didn't need to be changed again. Also, while you are changing a password, the platform or system might require you to upload personal information to validate your identity, which can also create an exposure risk for your business.

When is it important to get a password reset?

In cybersecurity, changing your passwords is a big deal, since it helps you create stronger passwords to prevent cyber-attacks. But it mustn't be done too frequently, since that is itself a great risk. ExpressVPN's study on password resets looked at how often people change their passwords, and the results showed that people spend hours every year making these changes. Based on that data and many other studies, cyber-security experts recommend changing a password every 3-5 months, and immediately on these occasions:

  1. Your account has an unrecognized login.
  2. There has been a data breach on the company, portal, platform, or system.
  3. You had to use an unsecured network, such as public Wi-Fi.
  4. Your antivirus has detected malware.
  5. Someone with access has been removed from the team, business, or account.

Changing your passwords more often than recommended can directly affect your security, since hackers can access your account more easily. Also, everyone knows how tedious it is to remember many new passwords each month because they have been changed, which leads you to forget them and change them once more.

5 steps on creating a strong password

  1. Create a password at least 12 characters long.
  2. Use lowercase and uppercase letters, numbers, and at least one special character.
  3. Don’t use your initials, nicknames, birthday, address, or child/pet names.
  4. Don’t use words like “password”, “qwerty”, “12345”, etc.
  5. Use the password you created only for that account. Don’t share passwords with other platforms. 
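
Steps 1 to 4 above can be checked automatically when a password is chosen. The following is an added example, not code from the article: the function name, the character-swap table and the sample passwords are assumptions made for illustration, and the word list holds only the three words the article names.

```python
import re

# Words named in step 4 of the article; extend with your own deny list.
COMMON_WORDS = ("password", "qwerty", "12345")
# Assumed mapping that undoes common character swaps, so "P@ssw0rd" is still caught.
LEET = str.maketrans("@0134$5!", "aoleassi")
# Character classes required by step 2.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def check_password(password, personal_terms=()):
    """Return the list of rules (steps 1-4) that the password breaks."""
    problems = []
    if len(password) < 12:                       # step 1
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():        # step 2
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))
    for term in personal_terms:                  # step 3 (names, nicknames, dates)
        # Terms under 3 characters (e.g. initials) match too often to be useful here.
        if len(term) >= 3 and any(term.lower() in v for v in variants):
            problems.append(f'contains personal term "{term}"')
    for word in COMMON_WORDS:                    # step 4
        if any(word in v for v in variants):
            problems.append(f'contains common word "{word}"')
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Rex" stands in for a pet name.
    for candidate in ("password123", "P@ssw0rd-2024-Xy",
                      "Rex!lovesWalks2019", "tr4vel-Kettle-Mauve-91"):
        print(candidate, "->", check_password(candidate, ["Rex"]) or "ok")
```

Step 5 (one password per account) is not covered here; a password manager's reuse report is the usual place to check it.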

What risk does a password reset have?

To comprehend the risk that frequent password resets imply, you must understand their complexity. Hackers use the moment when the password is being reset to breach the user's data, gaining access to everything on that system.

Imagine a company that has to change passwords for all employees frequently, with each change taking 2-30 minutes, and the productivity it loses.

Many people assume that hackers aren't watching for password resets, but they are! It's very common for them to track these password changes, since that's an easy way to access important information. If you change your password frequently, hackers might wait for you to reset the password to access your account.

What is identity verification on password reset?

What is the identity verification on password reset?

Because cyber-attacks on password resets are so common, many cyber experts have developed identity verification combined with multifactor authentication. However, it is still important to have a strong password that is changed when needed and recommended. Some of the identity verification and multifactor authentication methods are:

  1. Picture of valid ID
  2. Secret Questions
  3. Biometric Verification
  4. Credit-bureau Identification
  5. Tokens for Authentication

It's important to always have more than one security step, not only the password, because that allows your account to be blocked, even though the password has been entered, in case it's not you who's logging in.

5 steps on having good cyber-security

  1. Change your password every 3 – 5 months with a strong password.
  2. Activate multi-factor authentication, such as identity verification.
  3. Always use a password manager to keep your passwords in a safe place.
  4. Avoid unsecured networks such as public Wi-Fi.
  5. Don’t share your passwords between portals, accounts, or with other people.

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.