Password Myths That You Should Avoid


We live in a password-protected world. An average Internet user has 90 online accounts and probably needs a password to access most, if not all, of them. Despite using them on a daily basis, we still seem to have serious knowledge gaps about passwords. Here are some common password myths that need debunking, and why they are wrong:

Passwords are secure


Data breaches are more common than you might think, and they don’t just happen to small sites. LinkedIn, Facebook, and other major platforms have all suffered data breaches in the past, exposing users’ login credentials. Your passwords can also be stolen through phishing and man-in-the-middle attacks. So no, passwords are not so secure after all.


You can strengthen your protection by adding two-factor authentication on top of a password. Two-factor authentication is a combination of something you know (your password) and something you have (your phone or security key).

But it’s worth keeping in mind that not all two-factor authentication methods are created equal. Using texts as a second authentication step is generally discouraged as the weakest strategy. Hackers can redirect the victim’s texts to a different SIM card, as was the case for the Black Lives Matter activist DeRay Mckesson. Using an authenticator app on your phone or a physical security key is much more secure.

People are good at coming up with passwords

We invented them so you would think we would be good at coming up with clever passwords, right? Unfortunately, not. One could even say we are spectacularly bad at it.

The UK’s National Cyber Security Centre (NCSC) found that 123456 was the most widely-used password on breached accounts, followed by “qwerty”, “password”, and 11111. Apparently, even the tech geniuses are not always on the right side of strong passwords. Mark Zuckerberg’s hacked Twitter password was “dadada”, which caused confusion and concerns among data security advocates.


It seems like most people are simply too lazy to come up with strong, unique passwords each time they set up a new account. Which is fine. Just recognize your own weaknesses and use one of the apps that can generate passwords automatically. These apps, available on all platforms, including Windows and Android, let you generate a password from scratch that is difficult to guess. They will do a much better job of coming up with good passwords than you would.

The longer the password the better

Yes and no. Shorter passwords take far less time to crack in a brute-force attack than the longer ones. But that doesn’t mean you need to go as long as 32 characters to stay safe.

Ten characters are usually adequate if you are not using dictionary words and have a combination of random letters and characters. A ten-character password “%ZBGbv]8g?” could take three years to crack on a botnet, according to security experts.

Passwords are supposed to be memorable

It’s clear where the logic comes from with this one; if you keep forgetting all your passwords, logging into accounts will become a password retrieval nightmare.

But remembering dozens of unique, random passwords is not really feasible, is it?

Instead of creating memorable passwords, you should be smart about storing them. Use a password manager like 1Password, KeePass, LastPass, or other tools to store all your login credentials securely. That way you will only have to remember one password: your master key for accessing the password manager vault. Make it strong and memorable, so you don’t have to write it down anywhere.
