Forcing staff to change passwords every 60 to 90 days is no longer considered best practice. Both NIST (SP 800-63B) and the UK's NCSC now advise against routine, calendar-based rotation: it pushes people towards predictable variations (Summer2024 becomes Summer2025), encourages written-down passwords, and does little against an attacker who already holds the credential and uses it within days of the theft. Instead, change a password promptly when there is evidence or reasonable suspicion of compromise, for example when it turns up in a published breach, when a phishing attempt may have succeeded, or when someone who knew a shared password leaves the business. Treat accounts with access to sensitive data or financial information as the first priority for this.
Put the effort into passwords that are long and unique to each system instead. Length protects far better than forced mixes of character classes: a passphrase of several unrelated words, or a randomly generated string of 15 or more characters, resists guessing far better than a short password that merely satisfies a complexity rule. Never reuse a password across accounts, because attackers replay credentials leaked from one service against every other service they can find. Avoid anything tied to you or the business, such as birthdays, family names, or the company name, since these are the first guesses a targeted attacker makes, and where your systems allow it, reject new passwords that appear in lists of passwords exposed in previous breaches.
We recommend using a reputable password manager, such as Bitwarden or 1Password, to generate and store passwords. Staff then need to remember only one strong master password, which should itself be protected with multi-factor authentication, and every other credential can be long, random and unique, removing the temptation to reuse passwords across multiple systems.
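The checks described above (a minimum length, rejection of breached passwords, and rejection of passwords containing personal or company details) together with the kind of random generation a password manager performs can be expressed in a few lines. The following is an added example written for this page, not code from the page's author or from any password manager. The breached-password list is a constructed five-entry sample stored as SHA-1 digests, the format Have I Been Pwned publishes; a real deployment would load the full list or query its k-anonymity range API. The 15-character minimum is a policy choice assumed for the example (NIST SP 800-63B sets 8 as the floor and recommends a longer minimum); no character-class composition rule is applied, in line with that guidance.

```python
from __future__ import annotations

import hashlib
import secrets
import string

# Constructed sample of a breached-password list, stored as upper-case SHA-1
# hex digests, the form in which Have I Been Pwned publishes its corpus.
# A real deployment loads the full list or queries the k-anonymity range API.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "Password1!", "Summer2024", "letmein", "qwerty123")
}

# Policy choice assumed for this example: NIST SP 800-63B sets 8 characters
# as the floor and recommends a longer minimum; 15 is used here.
MIN_LENGTH = 15


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, matching the breached-list format."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def is_breached(password: str, breached: set[str] = BREACHED_SHA1) -> bool:
    """True if the password appears in the breached-password list."""
    return sha1_hex(password) in breached


def _normalise(text: str) -> str:
    """Lower-case and drop anything that is not a letter or digit, so that
    'Acme Corp' still matches 'acmecorp' or 'ACME-CORP' inside a password."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def personal_detail_in(password: str, details) -> str | None:
    """Return the first supplied detail (company name, birth year, ...) that
    occurs in the password, ignoring case and punctuation; None if none does.
    Details shorter than three characters are ignored to avoid trivial hits."""
    haystack = _normalise(password)
    for detail in details:
        needle = _normalise(detail)
        if len(needle) >= 3 and needle in haystack:
            return detail
    return None


def evaluate_password(password: str, details=()) -> list[str]:
    """Return a list of policy failures; an empty list means the password is
    acceptable. Length, breach status and personal details are checked; no
    character-class composition rule is applied, in line with NIST guidance."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if is_breached(password):
        failures.append("breached")
    detail = personal_detail_in(password, details)
    if detail is not None:
        failures.append(f"personal_detail:{detail}")
    return failures


def generate_password(length: int = 20) -> str:
    """Generate a random password with the CSPRNG behind the secrets module,
    which is what a password manager does when it creates a credential."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    company_details = ("Acme Corp", "1987")  # constructed context for the check
    for candidate in ("Password1!", "AcmeCorp2025pass", generate_password()):
        print(candidate, evaluate_password(candidate, details=company_details))
```

Run with a real breached-password list, the check should be done on the SHA-1 prefix against the range API so the candidate password never leaves the machine in full; the in-memory set above is only a stand-in for that lookup.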

You should also enable multi-factor authentication (MFA, often called 2FA) wherever it is offered, so that a stolen password on its own is not enough to log in. Prefer an authenticator app or, better still, a phishing-resistant method such as a FIDO2 security key or passkey over SMS codes, which can be intercepted through SIM swapping, and start with email, finance, and administrative accounts.
