Four Common Password Misconceptions

Between email, online shopping, social media accounts, utilities, and banking, an average person has lots of places to log into.

According to BuzzFeed, a survey by Intel found that an average person performs 27 online logins per day. And, as Dashlane notes, the number of online accounts continues to grow at a much faster rate. With each account comes a new password to remember. That’s a heavy load! This raises the question: how can we manage these accounts effectively while still keeping them safe?

While several password managers such as 1Password, Passpack, and Dashlane have come forward to address this issue, most people still don’t use any of them. As a result, a good number of people keep forgetting their passwords. In a bid to protect their passwords, people usually go to extremes: they either become extremely negligent over time, or they get extremely paranoid and start agonizing about every trivial security detail. And, while in this state, you are prone to bad or outdated advice about passwords. We are here to dispel any password misconception that you may have heard.

Misconception 1: Complexity is more powerful than the length

The security level of your password needs to hold up against every method of attack a hacker might use. Most people believe that a set of random characters such as N765$@”#t, is almost impossible to crack. The truth, however, is that a strong set of random but memorable characters such as “DickCrispyBlueberry”, is actually more bulletproof and harder to breach. It all boils down to password entropy, which simply means a lack of predictability.

Also, remember that adding the name of the website in your already long password isn’t such a smart move. Using “DickCrispyGmailBlueberry” on your Gmail account means you are highly likely to use “DickCrispyFacebookBlueberry” on Facebook and a bot can easily notice this move. Play it safe by using a complex, long password on each site.

Misconception 2: Passwords are insecure

This is a common password misconception. While they may not be 100% secure, passwords are certainly more secure compared to other security measures like phone numbers, biometrics, and government ID. A good password should be:

  • Unique, meaning you haven’t used it anywhere else.
  • Strong, meaning it’s impossible to guess through brute-forcing.
  • Transmitted over secure channels, such as real HTTPS connections, by users who are aware of phishing.

Misconception 3: Regular password change enhances your security

Most companies have rules that require you to change your password after a certain period of time. Normally, there is also a minimum number of characters by which the new password must differ from the old one. These rules stem from the notion that all passwords get leaked over time.

These mandatory changes may be good, but they address just one aspect of the problem. Most people will end up doing the bare minimum when updating their passwords, and this gives hackers a starting point for better guessing. Discouraging account sharing and educating users about the risks of possible leaks is far more beneficial.
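
An added example (not from the original article): a sketch of a change-time check that flags the bare-minimum updates described above, where only a counter, year, symbol or a couple of characters change. The function names, the `min_diff` threshold of 6 and the sample passwords are assumptions constructed for illustration.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute or match
        prev = cur
    return prev[-1]

def skeleton(pw: str) -> str:
    """Lower-case the password and strip leading/trailing digits and symbols,
    which is where users usually put the counter, year or '!'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def check_change(old: str, new: str, min_diff: int = 6) -> str:
    """Run at password-change time, when the user has just typed both values.
    Nothing here requires storing the old password in plaintext.
    min_diff is an assumed policy threshold, not a standard value."""
    if skeleton(old) and skeleton(old) == skeleton(new):
        return "reject: same base, only case or prefix/suffix changed"
    d = edit_distance(old.lower(), new.lower())
    if d < min_diff:
        return f"reject: only {d} character edits from the old password"
    return "ok"

if __name__ == "__main__":
    # Constructed sample pairs (old, new)
    samples = [
        ("Summer2023!", "Summer2024!"),          # year bumped
        ("Blueberry#7", "blueberry#8x"),         # small tweak inside
        ("Summer2023!", "DickCrispyBlueberry"),  # completely new password
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {check_change(old, new)}")
```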

Misconception 4: Passwords have a maximum length

Some people believe that passwords have a maximum length, but that’s not true at all. If handled properly, your password can be whatever length you want it to be. Remember, the security of your password increases with the increase in the number of characters. Therefore, longer passwords are believed to be stronger compared to shorter ones. That said, 17 characters are more than enough, unless you are encrypting highly delicate data, for instance, your Bitcoin wallet or any other sensitive, digital files.

It’s true that your password is as secure as the site that stores it, but that doesn’t mean you should become too paranoid. Just be careful and find a way to keep your data safe! Use long unique passwords on each website and remember length is way more important than complexity. Also, remember that updating your old passwords won’t work. Endeavor to always create completely new passwords.


Millennial Moderator Author

Jack Warner

Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on topics such as whistleblowing and cybersecurity tools.