A study by Google reveals that about 75% of Americans feel frustrated about passwords, so it’s easy to understand why people would adhere to common “guides” about password security. You need to be careful about misinformation and what counts as good password hygiene.
In this blog, we discuss nine popular myths and misconceptions about password security, the right approach to password security and the importance of deploying password managers.
9 Common Myths About Secure Passwords
Credential security is vital as passwords provide the first line of defense against attackers seeking unauthorized access to your account or devices. In reinforcing the need for stronger passwords, several opinions are shared – some of which are untrue.
Here are nine common password myths and the truth about them:
1. With special characters and numbers, you automatically make a password stronger
A combination of letters, numbers and special characters is one of the best practices for creating a strong password, but it doesn’t guarantee credential security. Reusing the same combination on multiple accounts makes your strong password susceptible to malicious actors.
Truth: A combination of special characters and numbers that are unique to each account improves credential security.
2. You should focus more on complexity than password length
Online discussion forums have strong opinions about the better practice between complexity and length for password security. A 12-character password containing numbers alone will take only 25 seconds to crack. Yet, complex passwords that need to be changed every 90 days give employees headaches, giving rise to pasting passwords on sticky notes on computer screens, which is a very insecure practice.
The How Secure Is My Password tool indicates how long it will take attackers to use computational systems to crack your password. Based on multiple unique entries prioritizing complexity or length, the shorter a password, the easier it is to guess.
Truth: To avoid successful brute force attacks involving your credentials, passwords should be both long (about 10 characters or more) and complex.
3. Simple and easy-to-remember passwords are better
With the average individual having about 100 different online accounts, it’s natural to take the path of least resistance and use passwords that you can quickly recall or a variation of the same password for multiple accounts. Keeper’s recent study found that 56% of people reuse their passwords.
Combinations that are easy to remember such as pet names, first street and your mother’s maiden name will also be easy for attackers to discover, sometimes by a simple social media search.
Truth: Passwords can be words that are easy to remember but should be within best practices. For example, if your place of birth gives you the password “northcarolina99”, it is better written as “N0r+Hc^R0|in^99”.
4. You’re safe as long as you use a password checker
Password checkers determine the strength and resistance of passwords to attempts to crack them. These checkers consider repeated numbers, consecutive letters and sequential symbols in determining password strength. While this is a good indicator of your password being within best practices, it does not guarantee security.
Truth: Password strength meters can only provide reasonable guidance and are not a complete judge of security.
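The limits of a strength meter, and the reuse problem from myth 1, can be seen in a small sketch. This is an added example, not code from Keeper or from any real password checker; the 60-bit and 75-bit thresholds and the sample accounts are constructed assumptions.

```python
import math
import string
from collections import Counter

# Character classes a typical meter looks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(pw: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet size)."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def pattern_findings(pw: str) -> list[str]:
    """Flag the patterns named above: repeated and sequential characters."""
    findings = []
    for i in range(len(pw) - 2):
        chunk = pw[i:i + 3]
        a, b, c = (ord(x) for x in chunk)
        if a == b == c:
            findings.append(f"repeated character at {i}")
        elif chunk.isalnum() and b - a == c - b and abs(b - a) == 1:
            findings.append(f"sequential run at {i}")
    return findings

def rate(pw: str) -> str:
    """Meter verdict from length, search space and patterns (assumed thresholds)."""
    bits = search_space_bits(pw)
    if len(pw) < 12 or bits < 60 or pattern_findings(pw):
        return "weak"
    return "strong" if bits >= 75 else "fair"

def audit(accounts: dict[str, str]) -> dict[str, tuple[str, bool]]:
    """Per account: (meter verdict, reused elsewhere?). rate() cannot see reuse."""
    counts = Counter(accounts.values())
    return {name: (rate(pw), counts[pw] > 1) for name, pw in accounts.items()}

# Constructed sample data; the passwords are the ones quoted in this article.
ACCOUNTS = {
    "mail": "N0r+Hc^R0|in^99",
    "bank": "N0r+Hc^R0|in^99",   # same password as "mail"
    "forum": "123456789012",     # 12 digits only
    "shop": "northcarolina99",   # long, but built from a birthplace
}

if __name__ == "__main__":
    for name, (verdict, reused) in audit(ACCOUNTS).items():
        print(f"{name:6} meter={verdict:6} reused={reused}")
```

The meter rates the reused password and the birthplace-based one as strong, because it scores a single string and knows nothing about where else that string is used or how guessable its source is.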
5. Password strength is irrelevant if you reset passwords often
Cybercriminals don’t set a schedule for carrying out malicious attacks. Weak passwords increase the possibility of successful unauthorized access attempts.
Truth: Resetting passwords often is only a good practice if new passwords are strong — complex, long and not reused.
6. You don’t have to change the default password if an account is not that important
A password acts as the primary entry point to your online identity. While an account may not be important to you, it may contain credentials or data that attackers may use to access other valuable accounts.
Not changing default passwords empowers malicious actors to carry out activities such as credential stuffing, an attempt to access multiple accounts with a set of stolen credentials, or password spraying, which is an attempt to use common passwords to access accounts on one domain.
Truth: Regardless of the significance of an account, password security is essential to protecting your personal information.
7. You don’t need a password if you have no secrets
Unlike small towns with well-meaning neighbors, the internet is accessible to billions of people and not everyone has the best intentions. Innocent individuals are also victims of identity theft, fraud and other crimes. According to the FTC, 2.8 million out of the 5.6 million reports filed in the U.S. last year were about fraud. Protecting your data and online accounts is more about personal safety than the concealment of secrets.
Truth: Strong password management is necessary for everyone.
8. User passwords have a maximum length
While the best practice is to have both complex and lengthy keywords of at least 12 characters, this is not the minimum you have to use. Many platforms have a character limit of about 128 characters, which is sufficient for securing an account.
Truth: Passwords have a character limit, but it’s not as low as we may think.
9. Password managers are unsafe
Of the 3,000 people polled in a Google study, most respondents are looking for ways to track and manage passwords, yet only 24% are actively using password managers, despite knowledge of their security benefits. Password management solutions such as Keeper are safe to use as they use encryption to generate and store the passwords or passphrases for your accounts.
Truth: Password managers are safe and secure to store your credentials in, preventing unauthorized access to your accounts.
Password Managers Improve Credential Security
Having to remember multiple passwords is taxing and resetting passwords often is annoying. As a software application that stores and manages online credentials, password managers reduce the chances of cybercriminals gaining access to your account and provide you with a swift and secure way to access your data. While password managers are safe and prevent many of the different cyberattacks out there, they’re underutilized.
Get Keeper and Protect Your Passwords
According to the Password Manager and Vault 2021 Annual Report, about one-third of Americans suffered identity and password theft and only 10% of those whose credentials were stolen were using password managers at the time. A quality password manager such as Keeper helps you create and store secure passwords.
Start a free trial of our platform today and adopt the best practices for password security.
Frequently Asked Questions
What are the four best practices for passwords?
Adopting password best practices makes breach attempts by attackers more difficult. Consider these four practices for password security:
Have multi-factor authentication (MFA) for each account
Use different passwords for all your accounts
Refrain from sharing passwords with others
Use a password manager
What are the three elements of a strong and secure password?
Strong and secure passwords are:
At least 12 characters long
A combination of letters, numbers and special characters
A mixture of upper case and lower case letters