Skip to main content
Dashlane Logo

Changing Passwords: Best Practices for Remote Workers

Originally published:|Last updated:|Dashlane

Over 25% of U.S. workers are now primarily home-based. The convenience and flexibility of remote working have been balanced by new IT challenges such as access management, cybersecurity training, and mixed-use devices or BYOD policies. Changing passwords when necessary is part (but not all) of the solution for remote workers and their employers.

Password management issues for remote workers

Managing dozens of passwords and accounts can be challenging under any circumstances. The average internet user has 240 online accounts that require a password. Remote working has brought some new twists that can compromise password security without the right tools and focus.   

  • Greater risk of hacking: Shifting the workplace to an environment once reserved for personal activities was bound to have some challenges. The sense of complacency found in home offices is chief among them. Passwords that were once securely stored and unique might be left in the open, stored on browsers, or reused often because of a perception that nobody is watching anyway. This magnifies the impact of hacking, phishing, and other cybersecurity threats to home-based workers when:
    A VPN isn’t used (unsecured networks): Home and public WiFi networks are inherently less secure than wired or wireless networks in secure office environments. Using a VPN (virtual private network) addresses this risk by encrypting all data going into or out of a device and routing it through a secure portal.
    Devices are used for business and personal applications: When the same devices are used for personal and work life, it can be difficult to control what apps and websites employees use. Company data can fall into the wrong hands if a mixed-use device is lost or stolen or a personal password is compromised. Clear and concise BYOD policies should be put in place if device mixing is permitted.
  • Cloud collaboration: Working from home no longer means working alone. Cloud-based file-sharing and collaboration tools have exploded in popularity, but they create new avenues for compromised data and passwords. Each new tool requires a password of its own, and passwords shared over these open platforms can be vulnerable to cyberattacks since the files and messages exchanged on many collaboration platforms are stored indefinitely.
  • Getting locked out of accounts: Lockouts due to lost, forgotten, or expired passwords can become a headache for IT teams. Along with the familiar reset-it-and-forget-it password loops that impact both remote and on-site workers, remote employees are more likely to experience lockouts due to cached credentials on local devices that create password disparities for employees not directly connected to their company networks.
  • Onboarding and offboarding remotely: Onboarding employees remotely can be difficult since many introductions, training, and computer setup processes have traditionally been performed in person. Gaining initial access to necessary accounts can be a major pain point for new hires. Offboarding remote employees can be equally challenging since BYOD policies and remote interaction with IT teams make it harder to ensure all business data, devices, and passwords are accounted for when employees leave. 

Want to learn more about using a password manager for your business?

Check out Dashlane's password manager for small businesses or get started with a free business trial.

Best practices for changing passwords for remote and hybrid workers

Remote workers might feel like working solo in a home office gives them an edge when it comes to privacy and password security, but that isn’t the case. Establishing password change frequency best practices as part of a global security culture requires the cooperation of all employees, whether home-based, on-site, or hybrid.

  • How often should passwords be changed? Despite the mandatory password changes many companies have implemented, there are no set rules for when you should change passwords. Many companies established the 30/60/90-day reset intervals based on risks from weak passwords and password reuse, but 2-factor authentication (2FA) and more robust password safety practices have made these rigid intervals unnecessary.
    Frequently changing passwords encourages the use of easy-to-remember (and easy-to-hack) passwords and minor password adjustments that don’t improve security. Additionally, password change mandates can cause employees to resort to saving passwords on browsers, which isn’t safe. Unless you discover your passwords are at risk, it’s not necessary to change them periodically.
  • When to change your password: Instead of asking how often you should change your password, it’s important to review the circumstances affecting remote workers that should always lead to password resets, including:
    If there’s a data breach: Change any impacted passwords right away if you’ve been notified of or suspect a data breach.
    If you shared a password unsecurely: Sharing passwords with coworkers over email, text, or chat apps can increase your vulnerability if trusted associates are exposed to a cyberattack.
    If you didn't use a VPN in public: Remote workers often log in from public settings like cafés and airports where WiFi can be subject to data intercepts. Passwords should be changed any time these networks are joined without the benefit of a VPN.
    If your information is found on the dark web: You may not realize your password, email address, or phone number has been leaked until it’s too late. Dashlane’s Dark Web Monitoring service alerts subscribers if their information is detected and passwords need to be changed.
    If you have a funny feeling: Most of us can sense when there’s something amiss with our computer or device. Always err on the side of caution when it comes to password protection.
Graphic of two boxes. The first box is labeled "If" and lists instances that threaten password security, including data breaches, unsecure password sharing, not using a VPN in public, password found on the dark web, or if you have a funny feeling. The second box is labeled "Then," with instructions to change your password and use a password manager.
  • Home workers and the security culture: Apart from mandatory password changes and company-sponsored anti-virus software, it’s important for remote workers to remain engaged in the security culture. This can be accomplished through training and policies encouraging remote employees to take responsibility for their own cybersecurity and increasing awareness of common problems like phishing and spoofing.  
    Dashlane Password Manager provides Password Health scores to give each employee more insight into their individual password strength (or lack thereof) and reinforce the security culture for remote workers. The admin dashboard assists IT teams by indicating which employee accounts are using weak or compromised passwords.
  • Password changes and remote workers: Education and awareness of when you should change passwords can enhance security for remote and hybrid workers. Remote employees also benefit from the advanced security features of Dashlane Password Manager, such as:
    —Instant password syncing across all devices and operating systems.
    2-factor authentication (2FA) to confirm user identity at login.
    —A secure, encrypted portal for password sharing.
    —Additional VPN and Dark Web Monitoring services.

The best way to change your passwords

Once you’ve experienced a data breach or malware attack, used public WiFi without a VPN, or just had a gut feeling about the security or privacy of your passwords, it’s time to make a change. Keep the following tips in mind when you reset passwords:

  • Replace the old one with a new, strong, and unique one

Simply replacing the old password with a similar one isn’t enough. Make sure your new password is strong and unique by including a mixture of upper and lowercase letters, numbers, and special characters. Use at least 12 characters and avoid common phrases or personal identifiers like your name and address.

  • Store it in a safe place

Lax password storage is a common issue for remote workers. Instead of writing passwords on sticky notes and leaving them in unlocked drawers or storing them in spreadsheets, find a secure location where your can file your passwords. The best way to store passwords safely is by using a password manager to encrypt and store your passwords on secure, encrypted servers.

  • Use a password generator

Long and complex passwords can also be difficult to devise and remember. Dashlane’s Password Generator uses advanced algorithms to create long, random, and unique passwords for you. Convenient, user-friendly Autofill takes the guesswork and memorization out of password recall.

A screenshot of the Password Generator in the Dashlane web extension.

Why is it important to change your password?

Along with the when and how, it’s important to understand the reasons why remote workers should change their passwords and keep track of their password health.   

  1. Hacking algorithms take time: A complex and unique password created by a password manager can slow down the brute-force password-breaking tactics intended to decrypt passwords. Extra characters and random patterns can add months, years, or centuries to the expected code-breaking time.
  2. Data breaches: Longer detection and reporting times for data breaches have been unwanted side effects (with steep financial consequences) of the remote workforce. Home-based workers should report any suspected malware or spyware attacks to their IT teams and use an encrypted portal for password sharing so that information can be shared privately without increasing vulnerability. Dark web monitoring helps remote workers quickly respond to any previously undetected breaches or data compromises.

“When Dashlane’s Dark Web Monitoring notifies employees that their sensitive information has been exposed, our employees take a screenshot of that notification and share it on Slack. They know it’s important to check the impact of that breach on the company and on other people. We very much believe that the phrase “when you see something, say something” extends to information security.”

Shirley Liu
Chief of Staff to the COO at Finder
  1. Reused passwords: Endless new accounts and passwords can easily lead to more reused passwords. Duplicate passwords can weaken cybersecurity by exposing many accounts if even one password is compromised. With the help of password health scores to track compromised, weak, and reused passwords, ongoing updates can be focused on shrinking the repeat list.   
  2. Unsecured networks (without a VPN): Public WiFi and even home WiFi networks have become a target of choice for hackers, as tactics like fake access points and man-in-the-middle data intercepts have been developed and refined. Sending company data over an unprotected WiFi network can be a recipe for cyber disaster.
    The additional VPN offered by Dashlane encrypts communications to and from your device, lets you access geo-blocked content, and provides online anonymity by masking your IP address.

How Dashlane helps remote workers secure their passwords

Like remote working, password managers bring more privacy, flexibility, and convenience to our daily lives. Dashlane Password Manager makes it easier for home-based workers to create strong, random, and unpredictable passwords, then store and autofill them securely. With standard features like 2FA, Password Health scores, single sign-on (SSO), and a secure password-sharing portal, Dashlane has assembled the ideal password tool kit for remote workers and their employers.

Hybrid and remote work environments present challenges for both employers and employees. Find out how we have successfully combined communication tools, scheduling, accountability, and security best practices to optimize our own hybrid work environment in The Dashlane Guide to Hybrid Work. 


References

  1. Zippia, 25 Trending Remote Work Statistics (2022): Facts, Trends, and Projections, October 2022.
  2. Dashlane, “What a Year of Working From Home Taught Us About Cybersecurity and 3 Predictions for What’s Next,” May 2021.
  3. Dashlane, “How to Stop Reusing Passwords for Good,” January 2020.
  4. Dashlane, “How To Maintain Security When Employees Work Remotely,” October 2022.
  5. Dashlane, “Why Do You Need a VPN? Don’t Miss These 3 Key Benefits,” August 2020.
  6. Broadband Search, “The Most Popular Internet Sites of 2022,” 2022.
  7. CMS Wire, “4 Collaboration Habits That Open the Door to Security Breaches,” August 2020.
  8. SpecOps, “ Why cached credentials are causing account lockouts,” August 2021.
  9. Dashlane, “How to Erase Saved Browser Passwords: Step-by-Step Guide,“ November 2022.
  10. Dashlane, “Always Change Your Passwords After a Breach,” March 2020.
  11. Dashlane, “How to Shine a Light on the Dark Web,” June 2022.
  12. Dashlane, “How to Create a Culture of Security,” March 2022.
  13. Dashlane, “Ensure Password Security for Remote Workers,” December 2019.
  14. Dashlane, “Understanding Your Dashlane Password Health Score,” October 2020.
  15. Dashlane, “What the Hack is 2FA,” January 2020.
  16. Dashlane, “How Strong is Your Password & Should You Change It?” August 2022.
  17. Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
  18. Dashlane, “Resist hacks by using Dashlane's password generator tool,” 2022.
  19. Scientific American, “The Mathematics of (Hacking),” April 2019.
  20. Liberty ID, “Remote Work Results in Longer Data Breach Detection Times – Will You Be in Compliance?” September 2020.
  21. CSO, “Man-in-the-middle (MitM) attack definition and examples,” March 2022.
  22. Dashlane, “The Dashlane Guide to Hybrid Work,” 2022.
  23. Dashlane, “Report: A Global Look at Password Health,” 2022.

Sign up to receive news and updates about Dashlane