Updated on November 30, 2023.
Passwords are your first line of defense when it comes to protecting your online identity and information. To ensure the security of your accounts, you need to practice good password security. However, many people adhere to common misconceptions about password security that can put their passwords at risk of a security breach. Some common password security myths people follow include the idea that complex passwords are better than longer passwords and that frequently changing weak passwords is safe.
Continue reading to learn more about the top six password security myths and the truth behind these myths.
Myth 1: Special Characters and Numbers Automatically Make Your Password Stronger
When creating your passwords, it’s important to use unique characters and numbers to make them strong. However, special characters and numbers don’t automatically make your passwords stronger if they are misused. Examples of misuse include adding numerical sequences or an exclamation mark at the end of your passwords. Cybercriminals use password-cracking tools that cycle through commonly used special characters and numbers, so these additions are easy to guess.
Some people reuse the same passwords believing they are safe because they added a special character or number to them. However, reusing the same password, or a variation of the same password, still makes you vulnerable to cyber attacks such as credential stuffing – a cyber attack in which a cybercriminal uses a verified set of credentials to access several accounts.
Truth: Although special characters and numbers are elements of a strong password, they do not automatically make your passwords stronger. To create a strong password, you need to create a random combination of uppercase and lowercase letters, numbers and special characters that are unique to each of your accounts.
Myth 2: Complex Passwords Are Better Than Long Passwords
Many believe that complex passwords will protect you better than long passwords. However, complex passwords will not protect you if they are too short. Cybercriminals use tools and programs that can crack passwords in a matter of seconds depending on how complex and long your passwords are. If your passwords are short and not complex, a cybercriminal can instantly crack your passwords. The longer and more complex your passwords are, the longer it will take cybercriminals to crack them.
Truth: Complex passwords are not better than long passwords and vice versa. To prevent brute force attacks from guessing your login credentials, passwords should be both complex and long — at least 16 characters.
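The length-versus-complexity comparison above, worked through in code. This is an added example, not Keeper's code; it assumes every character is drawn uniformly at random, and the sample passwords are constructed for illustration.

```python
import math
import secrets
import string

# Character classes named in the article: uppercase, lowercase, numbers, special.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)


def generate_password(length=16):
    """Return a random password of `length` characters containing every class."""
    if length < 16:
        raise ValueError("the article's minimum is 16 characters")
    alphabet = "".join(CLASSES)
    while True:
        # Draw each character from the OS CSPRNG; redraw if a class is missing.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def brute_force_bits(password):
    """Upper bound on the brute-force search space, in bits.

    The pool is the union of the classes the password actually uses, so the
    figure only holds for randomly generated passwords, not human-chosen ones.
    """
    pool = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def compare(samples):
    """Return {password: bits}, rounded to one decimal place."""
    return {pw: round(brute_force_bits(pw), 1) for pw in samples}


if __name__ == "__main__":
    # Constructed samples: short+complex, long+simple, long+complex.
    samples = ["k#9Qz!2B", "qhzvtrwmkpalnbxe", generate_password()]
    for pw, bits in compare(samples).items():
        print(f"{len(pw):>2} chars  {bits:>6} bits  {pw}")
```

Each extra bit doubles the number of guesses needed, so the 16-character password that uses all four classes is far beyond either of the other two.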
Myth 3: Simple and Easy-to-Remember Passwords Are Better
According to Keeper’s 2022 Password Practice Report, the average person has more than 20 online accounts. As a result, many people tend to use simple passwords that are easy to remember. They reuse the same passwords or variations of the same passwords across multiple accounts so they only have to remember a single password. People also tend to create passwords with personal information such as pet names or their favorite sports teams because it will make the password easier to remember.
These password practices are dangerous and leave your accounts prone to password-related cyber attacks. Reusing the same login credentials can put your accounts at risk of credential stuffing attacks and compromise multiple online accounts.
Truth: You should avoid using simple and easy-to-remember passwords, which are considered “weak passwords,” to protect your online accounts. If remembering strong passwords for each account is a concern for you, consider using a password manager. A password manager generates strong and unique passwords and stores them in a password vault. All you have to do is create and remember one strong master password.
Myth 4: Password Strength Is Irrelevant If You Reset Passwords Often
Some believe they don’t have to use strong passwords to protect their online accounts if they frequently change their passwords. However, changing your passwords frequently will not protect you from cyber attacks. Regardless of how often you change your passwords, a cybercriminal can still crack them if each “new” password is a reused version of a weak one. When people reset their passwords, they often use a variation of an old password, which can easily compromise their accounts. Changing your passwords will only protect your accounts if you also ensure they are strong and unique.
Truth: Frequently resetting your passwords won’t protect your accounts if you use weak passwords. If you are using strong passwords, you don’t have to reset your passwords often. It’s usually only necessary to change your passwords if your accounts are privileged, at risk of a security breach or have been accessed by an unauthorized user.
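A defensive check for the patterns described under Myth 1 (a common word with digits or "!" attached) and Myth 4 (a "new" password that is a variation of the old one). This is an added example, not Keeper's code; it assumes it runs at a change-password form where the user has just typed the current password, and the wordlist and function names are constructed for illustration.

```python
import re

# Common look-alike substitutions undone before comparing (illustrative subset).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed mini wordlist; a real check would load a breached-password list.
COMMON_BASES = {"password", "welcome", "dragon", "letmein", "qwerty"}


def base_form(password):
    """Reduce a password to the word a person actually has to remember."""
    # Strip leading/trailing digits and symbols: "Summer2023!" -> "Summer".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # Undo substitutions inside the word and ignore case: "P@ssw0rd" -> "password".
    return core.translate(LEET).lower()


def decorated_common_word(password):
    """Myth 1: a common word plus digits or '!' is still a common word."""
    return base_form(password) in COMMON_BASES


def is_variation(old, new):
    """Myth 4: the 'new' password shares its base form with the old one."""
    old_base, new_base = base_form(old), base_form(new)
    return bool(old_base) and old_base == new_base


def review_change(old, new):
    """Return the reasons a password change should be rejected (empty if none)."""
    reasons = []
    if decorated_common_word(new):
        reasons.append("common word with decoration")
    if is_variation(old, new):
        reasons.append("variation of previous password")
    return reasons


if __name__ == "__main__":
    # Constructed (old, new) pairs for illustration.
    for old, new in [("Summer2023!", "Summer2024!"), ("Dragon1", "Dr4g0n2024!"),
                     ("Summer2023!", "xV7#qLm2@pRz9!Wd")]:
        print(f"{old} -> {new}: {review_change(old, new) or 'accepted'}")
```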
Myth 5: You Don’t Need MFA if Your Password Is Strong
Multi-Factor Authentication (MFA) is a security measure that requires you to provide additional forms of authentication. When you enable MFA, you need to provide your login credentials and one or more forms of identification such as a one-time code to gain access to your accounts. MFA helps provide an extra layer of security to your accounts ensuring only authorized users are allowed access to them.
Some people believe that they do not need to enable MFA on their accounts because they use strong passwords. However, strong passwords can still be compromised if they are exposed during a security breach. Even if your login credentials were stolen, MFA would help protect your online accounts and prevent cybercriminals from accessing them.
Truth: Regardless of how strong your passwords are, they can still be compromised. You should enable MFA to protect your online accounts from being compromised.
Myth 6: You Can Share Passwords With People You Trust
Password sharing is the act of sharing login credentials with others to give them access to your accounts. People often share login credentials for streaming service accounts with their family or online tools with their work colleagues. Sharing passwords through unencrypted methods like email or text messages can put your accounts at risk of being compromised. Passwords shared through these methods can easily be intercepted or hacked by cybercriminals.
Truth: Sharing passwords with people you trust can still put your accounts at risk of being compromised. You need to use encrypted methods of password sharing to safely give others access to your accounts.
How a Password Manager Protects Your Passwords
To protect your online identity, you need to practice good password hygiene. Good password hygiene includes using strong, unique passwords and enabling MFA. However, it can be difficult to practice good password hygiene without the help of a password manager.
A password manager is a tool that securely stores and manages your personal information, such as your login credentials, credit card numbers and other sensitive data, in an encrypted vault. With a password manager, you won’t have to worry about remembering all of your passwords and resorting to reusing weak passwords. A password manager can identify weak passwords and prompt you to strengthen them. It also makes logging into your accounts easier since it is cross-compatible and often comes with an autofill feature. Keeper Security offers a password management solution that is protected by zero-trust and zero-knowledge encryption. This ensures that only you have access to your personal data.
Start a free trial of Keeper® Password Manager and adopt the best practices for your password security.