Skip to content Skip to main navigation Report an accessibility issue

OIT News

The Importance of Password Rotation

There's no security without U. Images of hands typing on a keyboard.

What is Password Rotation? Password rotation refers to the changing or resetting of passwords at regular intervals. The goal is to limit the lifespan of a password, reducing the risk of unauthorized access. By doing so, we condense the window of time during which a stolen password remains valid. 

Why Is password rotation needed?

  • Mitigating Attacks: Regularly changing passwords makes it harder for cybercriminals to exploit them. If a password is compromised, its effectiveness diminishes over time due to rotation.
  • Reducing Exposure: Static, unchanged passwords provide a larger opportunity for unauthorized access. Rotating passwords on a frequent schedule, e.g., every 30-90 days, helps limit this exposure.
  • Best Practice: Password rotation is a universally accepted security best practice and an essential component of an overall security plan. Consistency and discipline in password changes are critical.

How often should you rotate passwords?

The frequency of password rotation depends on several factors:

  • Standard User Accounts: 60-90-day intervals.
  • Highly Privileged Accounts: Superuser accounts should be rotated more frequently.
  • Known Compromises: Immediately change the password connected to the affected account.

Read the full article in the Information Security Learning Library to learn more.