Digital Security
Are password changes really necessary? Here’s what you need to know.

03 Apr 2024

Much has been made over the past few years of the growing potential of passwordless authentication and passkeys. Thanks to the near-ubiquity of smartphone-based facial recognition, the ability to log into your favorite apps or other services by looking at your device (or by using another method of biometric authentication, for that matter) is now a refreshingly simple and secure reality for many. But it’s still not the norm, especially across the desktop world, with many of us still relying on good ol’ passwords.
This is where the challenge lies – because passwords remain a major target for fraudsters and other threat actors. So how often should we change these credentials in order to keep them secure? Answering this question may be trickier than you think.
Why password changes may not make sense
Until not too long ago, the recommendation was to rotate passwords regularly in order to mitigate the risk of covert theft or cracking by cybercriminals. The received wisdom was to do so at intervals of anywhere between 30 and 90 days.