wonderfully unique software solutions

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture, according to the passwords and secrets management provider Keeper Security.

Some three-quarters (75%) of respondents to a US survey by Google find dealing with IT passwords frustrating, the vendor’s CTO and co-founder Craig Lurey explained in a blog post — so it’s easy to understand why problems managing passwords and the like remain.

“You need to be careful about misinformation and what counts as good password hygiene,” Lurey wrote. “In reinforcing the need for stronger passwords, several opinions are shared – some of which are untrue.”

Lurey said nine popular myths and misconceptions continue to affect password practices, although passwords are typically the first line of defence against attackers.

It’s not true, for example, that you automatically strengthen a password by adding ‘special characters’ — such as & or ^ — and numbers, he said.

Reusing the same combination on multiple accounts makes your strong password susceptible to malicious actors. What’s needed instead is a combination of special characters and numbers that are unique to each account, he explained.

Another myth, he said, is a belief that complexity is more important than length of password.

“A 12-character password containing numbers alone will take only 25 seconds to crack, yet complex passwords that need to be changed every 90 days give employees headaches,” Lurey said.

As a result, workers can end up pasting passwords into a note, or even pasting sticky notes on computer screens.

To avoid successful brute force attacks involving credentials, passwords should be complex but also long — about 10 characters or more, he said.

“The shorter a password, the easier it is to guess.”

In a 2022 study by Keeper, 56% of respondents had reused their passwords.

Also, easy-to-memorise combinations involving pet names, addresses, maiden names and the like can be equally easy for attackers to discover — perhaps simply by searching social media.

“Passwords can be words that are easy to remember but should be within best practices. For example, having ‘northcarolina99’, being your place of birth, as your password will be better worded as ‘N0r+Hc^R0|in^99’,” Lurey noted.

Also, password-strength checkers should not be completely relied upon; resetting passwords frequently is very important in combination with using complex, hard-to-guess, long passwords, he added, ideally stored in a password manager.

Read Lurey’s other top tips on password security here.

( Photo by Mourizal Zativa on Unsplash )

Recent Articles

ShareGate M365 automation lets Teams owners take charge

A Canada-based car club offering insurance has slashed IT workloads and boosted functionality for nine in ten of its end users with...

JetBrains Academy adds 43 topics and four projects for learning code

The programmer education division of developer tools provider JetBrains has followed up seven New Year project releases with 43 new study topics...

Employees often unware of compliance and email security needs, says GFI Software

People at work often know little about their organisation's requirements around email cybersecurity, data management and regulatory compliance, GFI Software has warned...

BrowserStack adds Cypress support for Safari WebKit on OS X and Windows

Cross-browser software vendor BrowserStack has unveiled Cypress support for the Safari browser engine WebKit, expected to assist devs with test automation.

Keeper bulks up zero-trust with new Connection Manager

Zero-trust passwords and secrets management company Keeper Security has updated Keeper Connection Manager (KCM) with new features including SQL Server and PostgreSQL...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox