Search by Keyword

Browse by Topic

Browse by Format

Are Security Experts Wrong About Passwords?

password protocols

Your passwords may not be as robust as you think.

For years now we’ve been educated on the importance of ‘strong’ passwords and what constitutes a strong password.

When creating a password, we've been told that you must: 

  • Include both letters and numbers
  • Contain at least one of those letters capitalized
  • Be sure to include a special character
  • Avoiding personally identifiable information, such as your date of birth or child’s name
  • Do not use the same password for multiple accounts or platforms
  • Change your passwords regularly

All these recommendations are necessary to protect us from financial fraud and identify theft. Or so we’ve been told. But, is this really accurate or practical?

While creating long, complex passwords won’t do you any harm, this practice can lead to problems that will undermine security.

For starters, complicated passwords are difficult to remember — which inevitably leads to bad digital habits such as resorting to predictable password patterns, inappropriately reusing passwords, or writing down passwords. All these practices create security vulnerabilities.

The practice of changing passwords regularly results in similar outcomes. Changing them every several weeks or months typically results in people resorting to easy-to-crack passwords. To comply with this directive, many people simply change the last character of the string every now and then to the next item in the sequence. For example, modifying the password from ‘ABCDEF1’ to ‘ABCDEF2’. Regularly changing your passwords is not harmful in and of itself; however, doing so tends to lead us to create ones that are hardly ideal.

So, what should be considered as the best practice when it comes to creating a secure password? According to the experts, we should utilize passphrases rather than passwords. Rather than a string of letters, numbers, and special characters, use a phrase that’s easy for you to remember, or even a full sentence. For example, something such as ‘Thank_God_It’s_Friday’ is complex enough while remaining easy to remember. And, only change this passphrase if your platforms have been put at risk by a data breach or other vulnerability. By employing this strategy, you’ll create strong-enough passwords that are easy to remember without falling victim to bad or lazy habits.

Related Articles

Need Some Expert Advice?

Get the business technology solutions your company needs to improve efficiency and business profitability.