Why does the bank want to force me to change the password for online banking?

[Pawelk198604]

Those that currently use is sufficiently long and difficult, I myself came up with it, and I had difficulties to remember it, but the bank thinks I'm using it too long and that I should change it is recommended that the "cyclic change of password"

[Javster]

Change it to something like a random combination you write down, then change it back?

[ZedNova]

Memorize it phonetically.

If your password was: graf54n

then you'd memorize it like this: "golf-romeo-alpha-foxtrot-five-four-November"

i find it easier to remember it this way so i can't confuse one letter with another.

[KOCOUR]

No matter how long and difficult your password is, there is a risk that if some thief/wannabehacker with right software focuses on your bank account, he will eventually crack the password. Thats why big companies and banks encourages theyr employes and customers to change theyr passwords after certain periods of time.

In my company we have to change paswords on our computers every 3 months.

My bank encourages me to change my internet banking account password every 6 months.

[Seret]

One way to generate a long password that's easy to remember is to use a sentence. For example you could use: "I live in a blue house with my son. His name is Bob and he is 9 years old.", taking the first letter of each would generate "Iliabhwms.HniBahi9yo.". That's a reasonably strong password, and should satisfy any complexity requirements while being quite easy to remember.

[Nibb31]

It's good practice to change your password on a regular basis.

Personally, I suggest using Keepass to generate and manage your passwords. That allows you to use strong passwords and to keep different passwords for every website or service, which is even more important than the strength of your password. You can keep the database in the cloud, so that you can access it from anywhere, but be sure to use double encryption to keep it safe.

[42undead2]

Reminding you of this, just for anyone who needs it:

[Superfluous J]

I can never remember what that guy's password is in that xkcd cartoon, and I can't imagine memorizing 30 of those.

I just use LastPass. Works great and I don't have to think about it.

[pxi]

Password rollover is useful in some scenarios, such as where a third party may be using an account that is not theirs to maintain access to your system. In that scenario, you should in principle be able to limit how long the non-authorized party may have access to the account.

Of course, this is optimal if the password is auto-generated and passed some way to the authorized user, as opposed to having the 'end user' change the password themselves.

Considering that if your account has already been compromised, say via a keylogger or RAT installed on your desktop, changing the password on that machine likely will not mitigate the compromise. At that point it's basically security theatre.

EDIT:

I don't actually mean to come off as being negative about this practise, it is one of many steps that you can take to safeguard yourself. Security is never a one-shot thing, and needs to be a blend of different strategies.

Edited June 26, 2014 by pxi

[Alchemist]

As a chemist, I often use different compounds for passwords... sometimes I know what compound was there, but have trouble figuring how the heck I spelled it (you know, in different languages that differs a bit...)

But what I hate about the "required password change" is that it may appear when you are in completely no mood for remembering such things. Which sometimes results in personal visit to the bank next time you need something