Despite their many flaws, passwords are still important. Social media, email, educational applications, online banking, gaming, or any other online service: pretty much anything that stores some form of user data still relies on passwords to keep criminals out. Passwords are the most common form of verification used, not just on the internet but also on the telephone, when opening the safe, at the ATM, and for getting books in the library.
The misconceptions about passwords are, therefore, manifold. Many companies, especially banks and government institutions, are notorious when it comes to arbitrary restrictions on passwords. Their reasons for these restrictions range from the need to educate users about bad or outdated advice to false convictions about security threats.
To be on the safe side, it is probably an excellent idea to be wary of any site that puts limitations on your password, except a minimum length. Here are some of the misconceptions you might have about password use.
Major Misconceptions about Passwords
Passwords are secure
When we compare passwords with other options like government ID, phone numbers, or biometrics, we find that passwords are less secure. They are, however, still the most commonly used authentication technique, especially when combined with two-factor authentication. You should be careful though as not all two-factor systems are good.
Here is what a good password should look like:
- It should be unique, meaning it should not have been used anywhere else.
- It should be strong, meaning it cannot be predicted through brute-forcing.
- It is transmitted over a secure channel, i.e., a proper HTTPS connection, by a user who is aware of phishing.
Passwords are not to be memorized
You really don’t have to memorize more than two passwords—there is an app for that! Security tools such as password managers can come in handy when you forget your password. They are convenient and will store, secure, and generate strong passwords without you being forced to remember all of them. Some will even fill your passwords automatically into your sites, shielding you from phishing or erroneously typing them elsewhere.
The only two passwords you need to remember are the one for your computer and the one for your password manager.
Passwords can be as long as possible
Passwords can indeed have a limitless number of characters. A service provider would normally salt and hash your password and only keep the hash, so you don’t have to stress about the length. Although the longer your password, the more secure it is, 17 or more characters is typically enough. If you are encrypting extremely sensitive data, for instance a bitcoin wallet or personal files, then you will be better off with 23 or more characters.
Passwords are here to stay
While many attempts have been made in a bid to replace the use of passwords, there is currently no secure way to do so. Biometrics such as fingerprints and facial recognition are hugely lacking when it comes to security, and while they can be used to identify a user, they are not effective for verification. Asymmetric cryptographic keys may be a good replacement, but they are still vulnerable to phishing or man-in-the-middle attacks. So yes, we are stuck with passwords for now.
Passwords can contain anything
While not all websites might accept it, your password can pretty much include anything. Whether it is rarely used Unicode characters, emojis, or even a non-Latin script, as long as you can type it, it is a valid password.
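The two sections above say a service only keeps a salted hash, so password length and character set need not be restricted. The following added example (not from the original article) shows that on the server side; the function names, the scrypt cost parameters, and the choice of NFKC normalization are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed scrypt cost parameters for this example; tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _encode(password: str) -> bytes:
    # Normalize so the same visible text typed on different keyboards or
    # platforms yields the same bytes, then encode as UTF-8.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def _derive(password: str, salt: bytes) -> bytes:
    # Output is always KEY_LEN bytes, whatever the password length or script.
    return hashlib.scrypt(_encode(password), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); only these two values are stored."""
    salt = os.urandom(16)  # fresh random salt per password
    return salt, _derive(password, salt)


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), digest)


if __name__ == "__main__":
    # Constructed sample passwords: short ASCII, very long, emoji, non-Latin.
    samples = ["hunter2", "correct horse battery staple " * 40,
               "🔑🐴🔋📎 staple", "пароль-密码-كلمة"]
    for pw in samples:
        salt, digest = hash_password(pw)
        print(len(pw), "chars ->", len(salt) + len(digest), "bytes stored,",
              "verifies:", verify_password(pw, salt, digest))
```

Every sample, from 7 characters to over a thousand, produces the same 48 bytes of stored data, which is why a site that hashes properly has no storage reason to cap length or reject unusual characters.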
There you have it: the common misconceptions about passwords. Don’t stress so much; it’s easy to reduce the risk of password hacks. Technology might sometimes seem like a scary thing, but with some discretion, common sense, and a few helpful tools, it is easier to steer clear of even the most critical of threats. In a nutshell, ensure your gadgets (phone and computer) are always up to date and be cautious when clicking links in websites or emails. You can save the sites you usually visit as bookmarks and use a password manager to generate and store unique passwords.