wonderfully unique software solutions

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture, according to the passwords and secrets management provider Keeper Security.

Some three-quarters (75%) of respondents to a US survey by Google find dealing with IT passwords frustrating, the vendor’s CTO and co-founder Craig Lurey explained in a blog post — so it’s easy to understand why problems managing passwords and the like remain.

“You need to be careful about misinformation and what counts as good password hygiene,” Lurey wrote. “In reinforcing the need for stronger passwords, several opinions are shared – some of which are untrue.”

Lurey said nine popular myths and misconceptions continue to affect password practices, although passwords are typically the first line of defence against attackers.

It’s not true, for example, that you automatically strengthen a password by adding ‘special characters’ — such as & or ^ — and numbers, he said.

Reusing the same combination on multiple accounts makes your strong password susceptible to malicious actors. What’s needed instead is a combination of special characters and numbers that are unique to each account, he explained.

Another myth, he said, is a belief that complexity is more important than length of password.

“A 12-character password containing numbers alone will take only 25 seconds to crack, yet complex passwords that need to be changed every 90 days give employees headaches,” Lurey said.

As a result, workers can end up pasting passwords into a note, or even pasting sticky notes on computer screens.

To avoid successful brute force attacks involving credentials, passwords should be complex but also long — about 10 characters or more, he said.

“The shorter a password, the easier it is to guess.”

In a 2022 study by Keeper, 56% of respondents had reused their passwords.

Also, easy-to-memorise combinations involving pet names, addresses, maiden names and the like can be equally easy for attackers to discover — perhaps simply by searching social media.

“Passwords can be words that are easy to remember but should be within best practices. For example, having ‘northcarolina99’, being your place of birth, as your password will be better worded as ‘N0r+Hc^R0|in^99’,” Lurey noted.

Also, password-strength checkers should not be completely relied upon; resetting passwords frequently is very important in combination with using complex, hard-to-guess, long passwords, he added, ideally stored in a password manager.

Read Lurey’s other top tips on password security here.

( Photo by Mourizal Zativa on Unsplash )

Recent Articles

CoreView expects further sales growth as Microsoft launches ‘disruptive’ tools

Microsoft 365 (M365) management software vendor CoreView is gearing up for greater demand, predicted to be fuelled further by AI adoption via...

Keeper Security expands global reach with new investments in zero-trust security

Keeper Security has opened an Asia-Pacific (APAC) headquarters in Japan, reflecting increased global interest and investment in unified, zero-trust enterprise passwords, secrets...

iSpring follows Salesforce integration with Albato no-code automation

Edtech software vendor iSpring Solutions has announced integration of the iSpring Learn learning management system (LMS) with no-code automation from Albato, expanding...

Cybersecurity alignment can help drive business success: Delinea

Business leaders often overlook the role of cybersecurity in business success, according to privileged access management (PAM) software provider Delinea.

Patch Tuesday targets zero-day vulnerabilities every month, warns Automox

Monthly 'Patch Tuesday' reports have recorded 11 months in a row of zero-day vulnerabilities, according to an update from patch management vendor...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox