Password is critical in today’s highly digitalized environment. We need passwords for almost everything, from online bank transactions, email accounts, and social media handles like Facebook, Snapchat, Twitter, or Instagram. The introduction of biometrics gave people the idea that passwords were no longer necessary, but that has not been the case yet.
Many myths and misconceptions surround the use and generation of passwords. It there any truth to them?
Myth 1: A strong password has to be extra long
It is true that a long password is strong, but that does not necessarily mean it has to be 40 or 50 characters long. Unless you need to encrypt sensitive government data or Bitcoin wallets, 17 characters are enough. For very sensitive data, 23 characters are enough to keep you secure.
Myth 2: Passwords will become obsolete
Most IT professionals believe that in a matter of years, the password will become obsolete. In a sense, it is true that in the years to come, security and authentication techniques will be highly advanced. However, that time is not now. Biometrics such as facial recognition fingerprint kits are an advanced method of recognition but do not yet fit the authentication bill. Cryptographic keys are also a likely candidate but are susceptible to phishing.
Myth 3: passwords are secure
Passwords are not 100% foolproof. Hackers are always on the prowl and are always looking for ingenious ways to crack passwords. In comparison to other security techniques such as biometrics and phone numbers, passwords have security gaps. You must know what a strong password is before you generate one.
Myth 4: Passwords must be memorable
Passwords do not have to be created in such a way that they are memorable, they just need to be strong and secure. A password manager is a perfect and secure technique that simplifies your life. You do not need to remember each one of your passwords to email accounts, social media handles and work accounts.
A password generator automatically fills in your password whenever it is needed and protects you from phishing at the same time. A password manager doubles as a password generator that can generate a random and unique password, which it stores and remembers on your behalf.
Myth 5: Biometrics is better than the password
We are headed to a future where biometrics will be the norm. It will be as simple as pressing your finger to a sensor or scanning your retina and you are automatically logged in. The problem right now with biometrics is that data is stored in a series of ones and zeros. Since biometrics is a single-factor authentication, hackers can easily gain access and steal the data.
Myth 6: Regular password change increases security
The assumption that most people make is that the regular password change protects accounts better. A lot of large organizations have a similar security policy where employees are required to change their log-ins every 1-3 months. They even ask the employees to change the password length every time. Most people will change the password with the least they can get away with, which makes the hackers’ work easier because new passwords are not necessarily stronger. You can well be weakening your defense with each update. This sort of protective mechanism protects against a mass password leak where hackers get hold of each and every employee’s credentials, hence the need for everyone to change it. The proper defense against this sort of attacks would, therefore, be to better secure the company server or password vault where logins are stored instead of mandating updates every few months.
Passwords so far are the most reliable means of data security we have. Any other techniques, such as biometrics still need some tweaking. They may get the job done, but they have security lapses. We have established that passwords also have some weaknesses, but are far more secure. All a password has to be is random, unique, and strong, and that will give hackers a run for their money. Overall, passwords will be relevant for quite a long time to come so it’s essential that we all get it right.
Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on cybersecurity and privacy tools.