Are Security Experts Wrong About Passwords?

password security

For years now we’ve been educated on the importance of ‘strong’ passwords and what constitutes a strong password. When creating a password, you must include both letters and numbers, with at least one of those letters capitalized, to help ensure your privacy. Be sure to include a special character as well, and avoid personally identifiable information, such as your date of birth or child’s name. In addition to utilizing strong passwords, we’ve been discouraged from using the same password for multiple accounts or platforms. We’ve also been directed to change our passwords regularly. All these recommendations are necessary to protect us from financial fraud and identity theft. Or so we’ve been told. But is this really accurate or practical?

While creating long, complex passwords won’t do you any harm, this practice can lead to problems that will undermine security. For starters, complicated passwords are difficult to remember, which inevitably leads to bad digital habits such as resorting to predictable password patterns, inappropriately reusing passwords, or writing down passwords. All these practices create security vulnerabilities.

The practice of changing passwords regularly results in similar outcomes. Changing them every several weeks or months typically results in people resorting to easy-to-crack passwords. To comply with this directive, many people simply change the last character of the string every now and then to the next item in the sequence; for example, the password ‘ABCDEF1’ becomes ‘ABCDEF2’. Regularly changing your passwords is not harmful in and of itself; however, doing so tends to lead us to create ones that are hardly ideal.

So, what should be considered best practice when it comes to creating a secure password? According to the experts, we should utilize passphrases rather than passwords. Rather than a string of letters, numbers, and special characters, use a phrase that’s easy for you to remember, or even a full sentence. For example, something such as ‘Thank_God_It’s_Friday’ is complex enough while remaining easy to remember. And only change this passphrase if your platforms have been put at risk by a data breach or other vulnerability. By employing this strategy, you’ll create strong-enough passwords that are easy to remember without falling victim to bad or lazy habits.
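To put numbers on the two arguments above (the ‘ABCDEF1’ → ‘ABCDEF2’ rotation and the passphrase recommendation), here is an added example, not code from the original post: a password-change check that flags trivial rotations and estimates strength both as a raw brute-force bound and, more pessimistically, as a choice of dictionary words. The vocabulary size and the minimum-bits threshold are assumptions chosen for illustration, and the passphrase is written with a straight apostrophe.

```python
import math
import re

# Constructed sample values taken from the post.
WEAK_OLD, WEAK_NEW = "ABCDEF1", "ABCDEF2"
PASSPHRASE = "Thank_God_It's_Friday"


def charset_size(pw: str) -> int:
    """Size of the conventional alphabet an attacker must cover for this string."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def brute_force_bits(pw: str) -> float:
    """Generous upper bound: the attacker tries every string of this length and alphabet."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def passphrase_bits(pw: str, vocab_size: int = 20000) -> float:
    """Pessimistic estimate for a phrase: the attacker knows it is built from words and
    picks each one from `vocab_size` candidates (the vocabulary size is an assumption)."""
    words = [w for w in re.split(r"[^A-Za-z0-9']+", pw) if w]
    return len(words) * math.log2(vocab_size)


def is_trivial_rotation(old: str, new: str) -> bool:
    """Detect the rotation the post describes: only the trailing digit run or the final
    character changed (ABCDEF1 -> ABCDEF2), so the new secret is guessable from the old."""
    if old == new or old.rstrip("0123456789") == new.rstrip("0123456789"):
        return True
    return len(old) == len(new) and old[:-1] == new[:-1]


def review_change(old: str, new: str, min_bits: float = 50.0) -> dict:
    """Policy check a password-change handler could apply: reject trivial rotations and
    anything whose lower strength estimate falls below `min_bits` (an assumed threshold)."""
    words = [w for w in re.split(r"[^A-Za-z0-9']+", new) if w]
    bits = brute_force_bits(new)
    if len(words) >= 2:  # only treat multi-word strings as phrases
        bits = min(bits, passphrase_bits(new))
    rotation = is_trivial_rotation(old, new)
    return {"bits": round(bits, 1), "trivial_rotation": rotation,
            "accepted": bits >= min_bits and not rotation}
```

Running `review_change(WEAK_OLD, WEAK_NEW)` rejects the rotation at roughly 36 bits, while `review_change(WEAK_NEW, PASSPHRASE)` accepts the passphrase even under the pessimistic word-based estimate (about 57 bits for four words).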