5 Biggest Password Security Myths

It is easy to understand why some users may think that passwords can no longer protect their accounts. Cybercriminals keep looking for ways to steal our credentials, and there is a visible increase in massive data breaches in which large amounts of sensitive information are compromised at once. According to the Breach Level Index, over 6 million records are lost or stolen every day, and only 4% of breaches that occurred since 2013 were so-called Secure Breaches or, in other words, attacks during which hackers took encrypted data they could not use. No doubt, such statistics might make it look like protecting your accounts is an impossible task. However, we are here to tell you that investing time and effort in setting up secure passwords is not a waste, and because of rising cybercrime, adopting correct password habits is now more vital than ever.

Of course, to understand what it takes to create a secure password that defends your privacy against hackers, it is crucial to know the biggest password security myths as well as the answers to questions such as whether a longer password is safer than a shorter one or whether complexity is more important than length. Many security specialists agree that a lot of the password guidance provided by various websites is outdated and is the reason why some users set up weak passcodes without realizing it. Thus, we present our list of the top 5 biggest password security myths, along with tips on how to create combinations that are difficult to crack.

Password Security Myth Number 1: Longer Passwords Are Safer than Shorter Ones

The truth is, your password can be 10 characters long, and it might still be less secure than a passcode made from 6 characters. Length is important, but it is not everything. No matter how long the combination is, it will be easy to crack if you use your name, surname, or other information that hackers can learn by taking a look at your username, email address, social media profile, and so on. Users should also avoid dictionary passwords, as they can be easily guessed. Therefore, whatever passcode you choose, make it as long and as random as possible. If you ask whether a longer password is safer than a shorter one, you first need to understand what a long password is. At some point, a 6-character combination was considered to be of substantial length, but with time cybersecurity specialists started recommending that users add more and more characters. At the moment, users are encouraged to create passcodes of at least 12 characters (numbers, symbols, and upper-case/lower-case letters).
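The comparison above can be made concrete. The following Python sketch is an added example, not part of the original article: it costs a password as random characters except where it contains a known word, and it generates a random 12-character password from all four character classes. The word list, the profile tokens and the scoring model are simplified assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "football"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(text):
    """Size of the alphabet an attacker must cover for these characters."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in text))


def brute_force_bits(text):
    """Bits of work to brute-force `text` if every character is random."""
    size = charset_size(text)
    return len(text) * math.log2(size) if size else 0.0


def effective_bits(password, personal_tokens=()):
    """Rough guessing cost when the attacker tries known words first.

    Each personal or dictionary word found costs only log2(#candidate words);
    whatever is left over is costed as random characters.
    """
    candidates = COMMON_WORDS | {t.lower() for t in personal_tokens if len(t) >= 3}
    rest, hits = password, 0
    for word in sorted(candidates, key=len, reverse=True):
        rest, n = re.subn(re.escape(word), "", rest, flags=re.IGNORECASE)
        hits += n
    return hits * math.log2(len(candidates)) + brute_force_bits(rest)


def generate_password(length=12):
    """Random password of at least 12 characters using all four classes."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


if __name__ == "__main__":
    profile = ["john", "smith"]  # constructed: tokens visible in a username
    for pw in ("johnsmith1", "x7#Qp!", generate_password()):
        print(f"{pw!r}: {effective_bits(pw, profile):.1f} bits")
```

Under this model the 10-character `johnsmith1` scores far lower than the 6-character random string, while the generated 12-character password scores roughly twice as high as either.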

Password Security Myth Number 2: One Strong Password Is Enough for All Your Accounts

Reusing a single password for all of your accounts is probably the worst thing you can do. If one of them gets compromised, it might be enough for hackers to gain access to the rest of your accounts. Cybercriminals can find them based on the information they collect. For example, a lot of users choose their name and surname when creating a username, and such information can be used to find users' accounts on social media platforms. This is why specialists recommend replacing passwords not only on the breached website but also on any other site that could be sharing the same passcode. Of course, there is a possibility that your account's provider will use strong encryption and the stolen password will be unreadable. Nonetheless, as we mentioned earlier, only a small percentage of breaches are secure, so why take any chances?

Password Security Myth Number 3: It Is Unsafe to Write Your Passwords Down

It is true in many cases, for example, when users write their passwords on sticky notes, in text documents, or anywhere else where they can be easily viewed or accessed. On the other hand, it is entirely different if you store your passwords in a dedicated password manager. A dedicated tool is an application created for a single purpose, in this case, to save and protect your passwords. As for integrated applications, such as password managers offered along with browsers, many specialists agree that they are less secure. Moreover, dedicated tools often provide more useful features that can help strengthen your passwords and secure your privacy.

For example, Cyclonis Password Manager has a Password Generator, which can create random complex combinations from 4 to 32 characters. Once you generate a password, the complexity bar will show how secure it is. Automatic login is another useful feature you might like. To be more precise, Cyclonis allows you to access your accounts without having to type your username or password. Plus, if you store payment or identification information, the application can help you automatically fill in the fields that require it too. Yet the best thing about it is that it keeps your passwords and other sensitive information in an encrypted vault located on a chosen cloud storage or device. To secure your data even more, you can set up Two-Factor Authentication as well.

Password Security Myth Number 4: Changing Your Password from Time to Time Increases Security

It depends on what you change your old password into. For instance, if you place a couple of new characters at the end of it or make similar small changes, it will not make the combination stronger if it has already been compromised. To be more precise, if hackers know your old password, it will not be difficult for them to figure out the new one. In our example, they would only need to learn the last 2 characters. This is why, if you do change your passwords, you should never use the old passcode as a base. The smartest thing to do would be to come up with an entirely new combination that is both long and complex. You can also find a more comprehensive answer in our previous blog post.
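A password-change form can enforce this rule, because the user types both the current and the new password at that moment. The following Python check is an added example, not part of the original article; the substitution table, the 0.8 similarity threshold and the sample passwords are assumptions chosen for illustration.

```python
import difflib
import string

# Character swaps users commonly make when "changing" a password
# (constructed list): 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
SWAPS = str.maketrans("013457@$!", "oleastasi")
SUFFIX_CHARS = string.digits + string.punctuation


def base_form(password):
    """Drop trailing digits and symbols, lowercase, and undo common swaps."""
    core = password.rstrip(SUFFIX_CHARS) or password
    return core.lower().translate(SWAPS)


def is_derived(old, new, threshold=0.8):
    """Return True if `new` is the old password with only cosmetic changes."""
    a, b = base_form(old), base_form(new)
    if a == b:
        return True  # same word, different suffix or substitutions
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True  # old password embedded in the new one, or vice versa
    # Fall back to overall similarity for small edits elsewhere in the string.
    ratio = difflib.SequenceMatcher(None, old.lower(), new.lower()).ratio()
    return ratio >= threshold


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password)
    pairs = [
        ("correcthorse", "correcthorse12"),  # two characters appended
        ("Summer2018!", "Summer2019!!"),     # suffix bumped
        ("P@ssw0rd", "password99"),          # swaps undone, digits added
        ("Summer2018!", "k9$Tq2vLw#Zp"),     # entirely new combination
    ]
    for old, new in pairs:
        verdict = "reject" if is_derived(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```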

Password Security Myth Number 5: Well-Known Brands Can Keep Your Passwords Safe

If there is anything we learned last year, it is that any company, big or small, can experience data breaches if it is not prepared for cyberattacks. Sadly, there were quite a few incidents in 2018 in which large companies leaked their users' sensitive data. Unfortunately, many organizations still think it will happen to someone else and not them, or they underestimate hackers' capabilities. Thus, even if it looks like the company has the resources to keep your data safe, you still cannot be sure it will not leak your password or other sensitive data. Still, there are some things you can do to lessen the damage. It is advisable not to use your primary email account when registering on a new website, especially if you are not sure whether it will be able to keep your sensitive data safe. Also, in the event of a data breach on a site where you have an account, it is crucial to react fast and replace the compromised password as quickly as possible, which is why you should read about events related to cybersecurity more often. Lastly, it would not hurt to be extra cautious and use additional safety measures offered by some sites, for example, Two-Factor Authentication.

To conclude, even though we have Two-Factor and Multi-Factor Authentication, in most cases a password is still the only thing that stands between your sensitive data and hackers. Thus, we cannot stress enough how important it is to set up strong passcodes for your accounts if you do not want to put your privacy at risk. Hopefully, our list of top password security myths will help you realize what mistakes you might have been making up till now and how to improve your password-creation habits.

By Foley
January 29, 2019
