Myth VS Fact – 4 Common Password Security Myths

Talking about password security is no one’s favourite topic, but the reality is that passwords are still extremely important. Email or social media, online banking or gaming, educational applications or online services—anything that keeps some kind of user data still depends on passwords to keep hackers out and to provide privacy. Attackers will continue stealing bank accounts and taking over online services if users don’t step up and use better passwords.

We all know the basics—don’t use “password” and don’t repeat the same password across different accounts. We should be turning on two-factor authentication on online accounts wherever possible and using a password manager to track all the passwords. Unfortunately, a lot of password advice sounds reasonable but needs context to be more helpful.

There are many myths about password security floating around the Internet. Here are some examples to help you reinforce your password security:

Password myth 1: Your password needs to have mixed case, numbers and special characters

FALSE: There’s a limit to how much security complex passwords can give you. Yes, “letmein” is a bad password, but “Password1,” “Abc123”, and “Passw0rd” aren’t any better, despite having mixed case and numbers.
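
The point above as an added example (not part of the original article): a typical complexity rule accepts three of the four passwords named here, while a lookup against a common-password list, after undoing simple substitutions, flags all four. The blocklist, the substitution table, the function names and the final long sample password are constructed for illustration.

```python
import re

# Constructed sample blocklist; a real check would load a large list of
# breached and commonly used passwords instead of these few entries.
COMMON_PASSWORDS = {"password", "letmein", "abc123", "qwerty", "welcome"}

# Simple character substitutions undone before the blocklist lookup.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_composition_rule(password):
    """Classic complexity rule: one lowercase, one uppercase, one digit."""
    return all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d"))


def candidate_base_words(password):
    """Normalised forms of the password to look up in the blocklist."""
    lowered = password.lower()
    # Drop a trailing run of digits and symbols ("password1" -> "password").
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped,
            lowered.translate(SUBSTITUTIONS), stripped.translate(SUBSTITUTIONS)}


def is_common(password):
    """True if any normalised form appears in the blocklist."""
    return bool(candidate_base_words(password) & COMMON_PASSWORDS)


def audit(passwords):
    """Return (password, passes_complexity_rule, is_common) per input."""
    return [(p, meets_composition_rule(p), is_common(p)) for p in passwords]


if __name__ == "__main__":
    # The first four come from the article; the last is a constructed sample.
    samples = ["letmein", "Password1", "Abc123", "Passw0rd",
               "vexing-otter-plays-cello"]
    for pw, complex_ok, common in audit(samples):
        print(f"{pw:26} complexity rule: {complex_ok!s:5}  common: {common}")
```

The long lowercase sample fails the complexity rule yet is the only one not flagged as common, which is the gap between rule compliance and actual strength.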

Password myth 2: A good password must be extremely long

TRUE: Longer is definitely better, but twelve to sixteen characters can be adequate. Shorter passwords take far less time to crack than longer ones. An attacker trying to guess a password that’s only six characters long is going to have a far easier time than with one that is twelve characters or longer.

Password myth 3: Never write down passwords

TRUE: We don’t recommend writing down your passwords. Instead, use a password manager to collect all your passwords. Not only will password managers store all your passwords in an encrypted vault, but they will fill them in for you. Password managers will audit your existing passwords, looking for those that are old, weak or repeated, and will generate new passwords for each of your accounts.

Password myth 4: Periodically mandating password changes improves security

TRUE: Requiring routine password changes is very important to keep up with your password security. Some organizations even specify minimum password ages to prevent users from immediately switching back to the previous password, password histories to prevent re-use of passwords, and the minimum number of characters to change to ensure that a new password is “different enough” from a previous one.

