wonderfully unique software solutions

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture, according to the passwords and secrets management provider Keeper Security.

Some three-quarters (75%) of respondents to a US survey by Google find dealing with IT passwords frustrating, the vendor’s CTO and co-founder Craig Lurey explained in a blog post — so it’s easy to understand why problems managing passwords and the like remain.

“You need to be careful about misinformation and what counts as good password hygiene,” Lurey wrote. “In reinforcing the need for stronger passwords, several opinions are shared – some of which are untrue.”

Lurey said nine popular myths and misconceptions continue to affect password practices, although passwords are typically the first line of defence against attackers.

It’s not true, for example, that you automatically strengthen a password by adding ‘special characters’ — such as & or ^ — and numbers, he said.

Reusing the same combination on multiple accounts makes your strong password susceptible to malicious actors. What’s needed instead is a combination of special characters and numbers that are unique to each account, he explained.

Another myth, he said, is a belief that complexity is more important than length of password.

“A 12-character password containing numbers alone will take only 25 seconds to crack, yet complex passwords that need to be changed every 90 days give employees headaches,” Lurey said.

As a result, workers can end up pasting passwords into a note, or even pasting sticky notes on computer screens.

To avoid successful brute force attacks involving credentials, passwords should be complex but also long — about 10 characters or more, he said.

“The shorter a password, the easier it is to guess.”

In a 2022 study by Keeper, 56% of respondents had reused their passwords.

Also, easy-to-memorise combinations involving pet names, addresses, maiden names and the like can be equally easy for attackers to discover — perhaps simply by searching social media.

“Passwords can be words that are easy to remember but should be within best practices. For example, having ‘northcarolina99’, being your place of birth, as your password will be better worded as ‘N0r+Hc^R0|in^99’,” Lurey noted.

Also, password-strength checkers should not be completely relied upon; resetting passwords frequently is very important in combination with using complex, hard-to-guess, long passwords, he added, ideally stored in a password manager.

Read Lurey’s other top tips on password security here.

( Photo by Mourizal Zativa on Unsplash )

Recent Articles

Cross-browser testing provider BrowserStack named Microsoft ‘partner of choice’

Software testing platform provider BrowserStack has announced a strategic partnership with Microsoft to support Visual Studio App Center users transitioning to BrowserStack...

JetBrains rolls out full-line code completion for its IDEs

Developer tools company JetBrains has added to its AI-enablement tools with full-line code completion for its integrated development environments (IDEs), separate to...

OpenText renews X12 supply-chain data standards partnership

Enterprise information management (EIM) software vendor OpenText is renewing its partner licensing agreement with the X12 electronic data interchange (EDI) standards organisation.

LiveAction NPM performance extended for Cisco unified server users

Network intelligence from vendor LiveAction has been certified to work with high performance Cisco servers, increasing availability of its packet data and...

CoSoSys endpoint DLP helps protect NHS ambulance services

Endpoint Protector by CoSoSys was deployed to control removable devices and enforce endpoint encryption wherever some 4000 staff at NHS South East...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox