wonderfully unique software solutions

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture, according to the passwords and secrets management provider Keeper Security.

Some three-quarters (75%) of respondents to a US survey by Google find dealing with IT passwords frustrating, the vendor’s CTO and co-founder Craig Lurey explained in a blog post — so it’s easy to understand why problems managing passwords and the like remain.

“You need to be careful about misinformation and what counts as good password hygiene,” Lurey wrote. “In reinforcing the need for stronger passwords, several opinions are shared – some of which are untrue.”

Lurey said nine popular myths and misconceptions continue to affect password practices, although passwords are typically the first line of defence against attackers.

It’s not true, for example, that you automatically strengthen a password by adding ‘special characters’ — such as & or ^ — and numbers, he said.

Reusing the same combination on multiple accounts makes your strong password susceptible to malicious actors. What’s needed instead is a combination of special characters and numbers that are unique to each account, he explained.

Another myth, he said, is a belief that complexity is more important than length of password.

“A 12-character password containing numbers alone will take only 25 seconds to crack, yet complex passwords that need to be changed every 90 days give employees headaches,” Lurey said.

As a result, workers can end up pasting passwords into a note, or even pasting sticky notes on computer screens.

To avoid successful brute force attacks involving credentials, passwords should be complex but also long — about 10 characters or more, he said.

“The shorter a password, the easier it is to guess.”

In a 2022 study by Keeper, 56% of respondents had reused their passwords.

Also, easy-to-memorise combinations involving pet names, addresses, maiden names and the like can be equally easy for attackers to discover — perhaps simply by searching social media.

“Passwords can be words that are easy to remember but should be within best practices. For example, having ‘northcarolina99’, being your place of birth, as your password will be better worded as ‘N0r+Hc^R0|in^99’,” Lurey noted.

Also, password-strength checkers should not be completely relied upon; resetting passwords frequently is very important in combination with using complex, hard-to-guess, long passwords, he added, ideally stored in a password manager.

Read Lurey’s other top tips on password security here.

( Photo by Mourizal Zativa on Unsplash )

Recent Articles

United Airlines hails DocuSign for ‘seamless’ HR integrations

Major US-based airline United has collaborated on a customer case study for e-agreements in the cloud with vendor Docusign.

Bluebeam rolls out new Revu, bolstering building site logistics

Construction project management application Revu from Bluebeam has been refreshed with an array of new markup and collaboration features, the vendor said.

Smartsheet enjoys fresh market recognition ahead of product updates

Enterprise work platform provider Smartsheet has followed up its FastCompany World's Most Innovative Companies listing for 2023 with a Brand that Matters...

Perimeter 81 outlines need for greater cloud app control and integration

Network security platform vendor Perimeter 81 is showcasing advantages for organisations of controlling access to ever-proliferating SaaS apps - as well as...

Threema adds to business-grade secure messaging for iOS, Android and Desktop

Secure business messaging from Threema now benefits from new updates and features for Android and iOS platforms, following on from an earlier...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox