1. Common Password Misconceptions

Think for a moment. Add up the number of past and present online services or devices you have ever created log-ins and passwords for. The number can be quite surprising. Chances are the number of log-ins you use regularly is well into double digits, if not hundreds.

Right from when we first accessed our internet service providers, we used digital passwords to connect with and manage some very important aspects of our lives. This includes banking and financial information, healthcare, social networking, employment, reading newspapers and books, shopping, listening to music, watching movies, and many more — the list goes on.

The advice given on secure password generation has shifted and will continue to shift over time, and for good reason. Technology changes, and along with that comes the need to change the way we keep our passwords safe and secure and stay up to date with the latest practices.

A 2018 large-scale Virginia Tech study of 28.8 million users and 61.5 million passwords over an eight-year period found that many people reuse the same password or only slightly modify a password between applications, putting themselves and their data at risk.

There are many misleading ideas about what constitutes a ‘strong’ password. So, let’s take a look at some of the common misconceptions about passwords around today.

2. Open Sesame! The Need for a Secret Word to Pass

The use of passwords for protection and subsequent abuse of passwords for nefarious means in various aspects of life is, of course, nothing new. The challenge today is finding passwords that no one else can crack.

Arabian Nights folklore tells of Ali Baba’s discovery that a cry of Open Sesame would access the stash of treasures stolen by the 40 Thieves (and the troubles that caused!). Many now-not-so-secret ancient societies are said to have long been ensconced in the use of secret and coded written and spoken words, scripts, and manuscripts to identify and recognize those ‘in the know.’

Fast forward through each millennium to the present day, and we’re not only still using passwords to protect our privacy and possessions, but our use of them across digital devices is also prolific. The use of secret words, codes, and language to both access and keep information hidden and private has been going on for centuries.

3. Password Requirements Change over Time

These days, there are many, many more than 40 thieves to contend with. Threats to online privacy and security include, but are by no means limited to, data breaches, hackers, phishing, malware, public Wi-Fi, and even the most basic of all, shoulder surfing (someone physically looking over your shoulder while you tap in your password).

Just as technology advances in leaps and bounds, so too does the advice given to users on generating robust passwords. What was considered secure in the early days of signing into websites back in the mid-90s no longer cuts it 20-30 years later, in an increasingly online existence accessed through apps and portals.

4. Length Does Matter and Eight Is Not Enough

The length of your password is what is considered to add the most security in today’s digital world. While you may not need to opt for something like the longest word in the English language — it’s the 45-character count Pneumonoultramicroscopicsilicovolcanokoniosis, by the way — do try to go for around 12-17 characters all up. In mathematical terms, length matters more than complexity.

5. Character Diversity Is Not the Be All and End All

Incorporating a diverse range of character combinations does help strengthen your password, but remember that overall length is the most important factor. A short password using a combination of characters such as *&34$+! may look like a tough nut to crack, but in reality, cyber-criminals use software that could generate that combination in a second. Additionally, brute force and dictionary attacks are becoming more common and increasingly sophisticated.

6. Your Provider or Institution Doesn’t Always Know the Best

Password rules and requirements on individual websites and institutions are usually determined by what their system is designed to accept, not necessarily what is currently considered the most secure.

For access, of course, you will need to follow their system requirements, but keep in mind other idiosyncrasies of password generation and consider using a random password generator that allows you to adjust the number of characters and include or exclude special characters and numerals.
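
The adjustable generator described above, written as an added example that is not part of the original article; it also estimates entropy to show why length outweighs character diversity. The function names and the 12-character minimum (taken from the article's 12-17 guidance) are assumptions.

```python
import math
import secrets
import string


def build_alphabet(use_digits=True, use_symbols=True):
    """Return (full alphabet, list of character classes that must each appear)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if use_digits:
        classes.append(string.digits)
    if use_symbols:
        classes.append(string.punctuation)
    return "".join(classes), classes


def generate_password(length=16, use_digits=True, use_symbols=True):
    """Draw a password from the OS CSPRNG (secrets), never from random."""
    if length < 12:  # assumption: floor taken from the article's 12-17 guidance
        raise ValueError("choose at least 12 characters")
    alphabet, classes = build_alphabet(use_digits, use_symbols)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw until every enabled class is present, which is what most
        # site rules demand; the redraw only slightly lowers entropy.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on guessing entropy for uniformly random characters."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(16))
    print(generate_password(20, use_symbols=False))
    # Seven characters from all 94 printable symbols, like the article's
    # *&34$+! example, versus sixteen random lowercase letters.
    print(f"{entropy_bits(7, 94):.1f} bits vs {entropy_bits(16, 26):.1f} bits")
```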

7. A Strong Unique Password Is Not Enough

Don’t rely just on a single unique password. If available through your service provider, use other security features such as two-factor authentication, where you receive a text to confirm, and/or biometrics using your fingerprint, in combination with each password. While neither of these methods is perfect on its own as yet, using them in conjunction with a password generator will add another layer of protection to your information.

8. You Don’t Necessarily Have to Update Your Password Regularly

One of the main reasons some sites force you to update your password periodically is to reduce the risk of a password being used by others in the event it is inadvertently leaked. What is most important about every password you use is that it is unique to that account or app and not used anywhere else. Being unique also means not having variations on a personal theme, a certain character, or a word combination that you use across multiple apps.

9. You Don’t Have to Remember All Your Passwords

Even superhumans with eidetic or photographic memories would probably be hard-pressed to accurately recall unique long passwords for dozens of online log-ins! It may seem like a contradiction, but do make the most of reputable password manager applications to securely store your unique passwords.

Passwords in one form or another to authenticate users have been around for a long time and will probably continue to be until more efficacious biometric methods are in place.

10. Key Takeaways

The key points for secure passwords are to make sure they are long and include a mix of characters and numbers (including upper and lower case); use a strong and unique password for each service provider or site in combination with two-factor authentication and/or biometrics to confirm your identity, and regularly review and do a security check on the way you use your devices and apps to keep your privacy and password security in check.