High-profile data breaches no longer shock anyone; every day one brand or another makes headlines for the wrong reasons. In the coverage of these incidents you have probably heard that you should choose a strong password and change it at regular intervals. But the same coverage has also given rise to some myths about password security. Debunking these commonly believed password myths will help developers build smarter password policies. So read on, guys!
Myth 1: Complexity wins over the length
This is one of the myths most of us are guilty of believing at some point. In reality, it depends on the type of attack. For example, the passwords that can be cracked by a discovery attack are different from those that can be cracked by a brute-force attack. Many users believe a short password with special characters, like fhk$%&gh, to be stronger than a longer, easy-to-remember password like sirigolfguitaramerica, but this is not true.
In short, it all depends on entropy: how much uncertainty the password contains, or how hard it is to crack. Increasing the length increases the uncertainty, which makes the password more difficult to crack.
Another thing to take care of is to use words that are not related to each other. In the example above, the words siri, golf, guitar and america have nothing to do with one another. Choosing a person’s name or birthday month as a password is still a poor approach.
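As an added example (not part of the original article), this Python sketch estimates the entropy of the two passwords above under two attacker models: guessing character by character, and guessing whole words. The 7,776-word list size and the guess rate are assumptions chosen for illustration.

```python
import math
import string

# ASCII character classes a brute-force attacker has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})

def brute_force_bits(password):
    """Entropy if every character is guessed independently."""
    return len(password) * math.log2(pool_size(password)) if password else 0.0

def choice_bits(picks, options):
    """Entropy of `picks` independent, uniformly random choices from `options`."""
    return picks * math.log2(options)

def avg_crack_seconds(bits, guesses_per_second):
    """Expected time to hit the password: half the search space on average."""
    return 2 ** (bits - 1) / guesses_per_second

if __name__ == "__main__":
    RATE = 1e10          # assumed offline guess rate, for illustration only
    WORDLIST = 7776      # assumed size of the list the words were drawn from
    rows = [
        ("fhk$%&gh, brute force", brute_force_bits("fhk$%&gh")),
        ("sirigolfguitaramerica, brute force",
         brute_force_bits("sirigolfguitaramerica")),
        ("4 unrelated random words, word-list attack", choice_bits(4, WORDLIST)),
        ("1 word (e.g. a name) from the same list", choice_bits(1, WORDLIST)),
        ("birthday month (12 options)", choice_bits(1, 12)),
    ]
    for label, bits in rows:
        print(f"{label:45s} {bits:6.1f} bits  "
              f"~{avg_crack_seconds(bits, RATE):.3g} s on average")
```

The word-list figure only holds when the words are picked independently; related words or a single name collapse toward the last two rows.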
Myth 2: Big brands ensure 100% password security
Did you know that 50% of websites don’t use encryption when storing your passwords? No encryption means anybody with access rights can not only see your passwords but also modify and misuse them. The LinkedIn data breach that took place in 2012 is proof of this.
To avoid this situation, as a user you must create a strong and unique password for every website, while as a website owner it is your responsibility to remind your users to do so. This keeps your users secure and helps prevent attackers from hacking into your system.
Myth 3: If you have added Multi-factor authentication, you don’t need to choose a strong password
Just like any other security measure, implementing multi-factor authentication doesn’t guarantee 100% security (if such a thing even exists!). In the past few years, some advanced hackers were able to break into organizations that had successfully implemented multi-factor authentication.
By saying this, I do not at all mean that you should not implement multi-factor authentication for your brand. On the contrary, it is recommended if you are dealing with highly sensitive data, but never, I say, never assume it to be an alternative to strong passwords.
Finally, technologies are evolving and users are becoming smart, but hackers are getting smarter! So no matter which technique you deploy to enhance security, staying updated is the key to preventing attacks. Avoid these common password security myths and stay safe!