If you are reading this piece right now – either on your smartphone, tablet or desktop – we can make a couple of guesses about you.
Before opening the link that led you here at all, you have had to unlock your device. Likewise, when you leave here, you will most likely get into some of your other accounts to catch up with the feed of the day.
If you haven’t already done so, that is.
All we are driving at is: you have used a couple of passwords today, and there is a high chance you use even more before the day runs out.
That said, what we are about to tell you might be very shocking:
Not all you think you know about passwords are valid. You don’t have to take our word for it. Here is a couple to change your mind.
1. You should be able to remember your passwords
The fact that you can remember your passwords means there is a high chance a hacker can guess it too. After all, you would have to use something personal (name, date of birth, pet’s name, a memorable date, a combination of these or more) to get something memorable.
Thus, while you think you have set the strongest password which you can also remember, you might have just made the job easier for someone looking to steal your data.
Fix: Use a password manager instead of trying to remember your passwords. That way, you can set your passwords to be random strings of alphanumeric text with special characters, making it almost impossible to decipher.
2. One complex, the master password is all you need
This could never be more wrong.
For one, what you consider a master password might be the easier to crack than you think (more on that later). Besides that, though, using the same password for multiple accounts will just be setting yourself up to get really hurt.
That means a hacker gaining access to one of your accounts now has the master key – so to speak – into your other accounts and data vaults. Surprisingly, this is the case for many users today.
Fix: Trying to develop a complex password is not a poor plan, but make sure each and every one of your accounts has a ‘complex password‘ of their own.
3. Length is everything
Before we tell you why this could be a misconception, we should probably mention that length is very important to a great password. However, it has to be done right for it to work the right way.
Adding an extra character to your password progressively makes it hundreds to thousands of times harder for even a supercomputer to guess such a password. This keeps increasing exponentially with the addition of extra characters.
But then, the kind of characters you are adding is also a huge determinant.
Setting an eight-character password like ‘Passw0rd’ is not the same as having one like ‘P$%^*_08’. Of course, both passwords are eight characters long, but it needs no telling that the latter will be much harder to crack than the former.
Does the latter password look hard to memorize? Kindly refer to #1 above.
Fix: This one is obvious. Focus on the password strength while also keeping length in consideration. Length should not be a single defining factor.
4. Passwords can be invincible
For all the good password are doing, no password can be considered invincible. Well, not in the literal context of the word.
It is very possible to choose a password that would take so much energy, processing power and time to hack. In such cases, a hacker would most likely back off and try exploiting other ways of getting in – if they really do want to get in.
In such cases, the password could be deemed unbreakable.
Fix: Your aim is not to create a password that is impossible to crack. It is, instead, to create one that would be practically unbreakable.
5. Changing passwords frequently is the key
We have seen some institutions where users are practically forced into changing their passwords after a set number of days. When the old password expires, the user has to generate a new one.
While this could be great to ensure a hacker never has a lock on the password at any time, it could cause more harm than good.
Having to change passwords frequently puts a strain on the user – a pressure to come up with unique combinations every time. It is, thus, almost inevitable that they end up developing predictable patterns in their password-creation approach after a while.
Fix: Rather than dwelling on changing passwords frequently, gun for creating strong passwords and maintaining other recommended password practices.
It is not a crime to be guilty of those misconceptions, but ignorance has never been an excuse not to get attacked. Now that you know what mistakes you might have been making with passwords, and how to fix them, there is no better time to get your password management right than now.