Date First Published: 27th November 2023
Topic: Cybersecurity
Subtopic: Security Mechanisms & Technologies
Article Type: Computer Questions & Answers
Difficulty: EasyDifficulty Level: 3/10
Learn about the top 12 password myths in this article.
Over time, there have been common myths about passwords which come from common "guides" about password security. These can actually make your passwords weaker and give you a false sense of security. Avoiding misinformation and knowing what counts as a strong password can help you maintain good password security and help secure your electronic accounts. Below are 12 common myths and false beliefs about passwords.
You have probably heard from multiple sources that you should regularly change your password every six months, every three months, or even every month. This is a common myth. The truth is that as long as your password is already strong, not compromised in a data breach, and has not been discovered by someone else, there is no need to regularly change it and it is unlikely that you will achieve anything from regularly changing it to another strong password.
Instead of regularly changing your passwords, it is more important to ensure that you use strong, unique passwords with extra security features, like two-factor authentication and only change them when necessary, like if you know your old password is weak, your account has been involved in a data leak, your computer has been recently infected with malware or spyware, or you notice suspicious activity in your accounts. Changing your passwords for no reason is more likely to create more problems than solve them.
A common myth is that all your accounts will be safe if you reuse one strong password across all of them. Reusing passwords across multiple accounts is risky because if one password gets compromised, all other accounts using that same password would also be at risk as someone might try the same username and password combination on other websites. Even if a strong password is reused across multiple accounts, if it is compromised, it can still be guessed.
Although password strength checkers can give you an idea of how strong your password is, they are not always accurate as they may not consider factors, such as whether the password has been compromised in a data breach and may rely on overly simple calculations. Each password strength checker calculates the strength of the password differently, so checking the password strength of the same password using different password strength checkers can lead to results that vary quite a lot.
Although large companies usually have more security measures and resources in place to protect against unauthorised access to accounts, that does not mean that passwords are always safe if they are stored by large companies. Even large companies can experience data leaks, exposing the passwords of users.
Password managers are a good tool for storing passwords. They usually use encryption to store passwords and require a master password to access the database with a low risk of data breach. Password managers can help users remember complex passwords for different electronic accounts since only one password needs to be remembered to gain access to the list of passwords. This is more secure than keeping passwords in a text file or writing them down on paper where they could be read by someone else.
The length of a password itself does not make it stronger. Even if a password is long, if it consists of simple words and phrases, it will be easier to crack than a shorter password that consists of a mix of letters, numbers, and symbols. Although passwords should be at least 8 characters in length so that they are not easy to guess, the complexity of a password is more important than the length.
Two-factor authentication is designed to add an extra layer of security to electronic accounts by requiring more than just a username and password to gain access. Even if someone stole the password for someone's electronic account, they wouldn't be able to sign in as it is unlikely that they would be able to verify their identity, unless they had access to the other authentication method.
Even if your password is secure, data breaches can leak thousands or even millions of passwords. Over the years, only relying on passwords for authentication has become less secure due to attackers finding lots of ways to crack and steal passwords, including brute-force attacks, keyloggers, and phishing. Whilst it will take more time to log into your account than just by entering your password, becoming a victim of identity theft/fraud is much worse and you don't want that to happen.
Although there can be some inconvenience with users having to remember passwords and there are more modern security technologies, like biometric authentication and email verification, they cannot completely replace passwords. Biometrics comes with some limitations and is more complex. Everyone is familiar with passwords and they are simple for people to use. Instead, the requirement is to evolve practices to consider modern password security practices.
When people believe that they have nothing to hide on their accounts, they often use weak passwords or even the default password. Even if accounts do not include any personal information, if someone gained unauthorised access to your account, they could use it to launch phishing attacks on other people and make unauthorised changes without your permission. Also, a hacker that guesses one password might be able to access other linked accounts on different platforms.
Although two-factor authentication adds an extra layer of security to passwords, it does not 100% guarantee no unauthorised access. If someone had access to the other authentication method, like the verification code sent by text or email address, they could still gain unauthorised access. For example, hackers have found ways to trick mobile phone carriers into sending the code to their phones, also known as SIM-jacking. In addition, two-factor authentication can be vulnerable to attacks from hackers because a user can accidentally approve access to a request issued by a hacker.
A common myth is that if you forget your password, you will usually be permanently locked out of your account with no way of recovering it. This would only be true in exceptional cases. For most platforms, if you forget your password, you will be able to recover your account. You would usually be able to reset your password by receiving an email notification with a verification code and a link to click to choose your new password.
Another myth is that writing down any passwords is unsafe. This depends on where the written passwords are stored. Writing down passwords on a sticky note or a notebook and keeping them hidden at home is okay to help remember them because it is very unlikely that someone who wants to hack into your account is going to try to physically access your home and steal your password book or sticky notes. However, in an office environment, personal information, such as passwords, should not be left in places where they can easily be seen by other people.
If so, it is important that you tell me as soon as possible on this page.
Network Services Network Setups Network Standards Network Hardware Network Identifiers Network Software Internet Protocols Internet Organisations Data Transmission Technologies Web Development Web Design Web Advertising Web Applications Web Organisations Web Technologies Web Services SEO Threats To Systems, Data & Information Threats To Individuals Security Mechanisms & Technologies Computer Hardware Computer Software Ethics & Sustainability Legislation & User Data Protection
