From social media to office emails, people use passwords on almost all facets of internet communication. Why, then, do they still create passwords that would take a hacker only a few seconds or minutes to crack?
Most likely, it is because of the misconceptions surrounding password security. Users still believe certain things when it comes to passwords, and these beliefs can have potentially dangerous effects on their internet privacy and safety. To prevent such disasters, here are three common password security myths, dispelled.
1. 8 character passwords are strong
Plenty of users think that using eight characters to create a password is sufficient, and websites have helped perpetuate this myth. How so, you ask? When you create an account for any online service, how many times do you see websites making recommendations similar to this: “For security, your passwords must be at least 8 characters long.” In truth, a high-powered computer would only need one second to crack an 8-character password.
For a password to be considered truly strong, it must have a minimum of 16 characters. It must also be unique, and not just a word (or words) taken from the dictionary. Experts say that even these kinds of passwords are not immune to hacking and phishing attacks, so in this case, what kind of security can an 8-character password actually offer?
2. Passwords should contain uppercase & lowercase letters, numbers, and special characters
In cracking passwords, hackers often use what is called a lookup table, which uses indexing to significantly speed up computation time. They are also well-versed in internet user habits—they know what sort of passwords people favor. Hackers put these two elements together to make password cracking a cakewalk.
Take for instance the password “Passw0rd”. It is a combination of uppercase and lowercase letters, and yet it would take a hacker only a few attempts to get it right. You might think that people wouldn’t actually use such an easy-to-guess password, but you’d be wrong: “Passw0rd” is number 19 on SplashData’s list of 25 worst passwords for 2017. And yes, you guessed it, “123456” is number one.
Mixing letters, numbers, and special characters are of no use unless the combination is a random string. To deter hacking, passwords must be something like: “Z892*$2%kqRF7*5!vc0Z”. Think that would be impossible to remember? Unless you’re Rain Man, a password manager tool is essential.
3. Passwords are safe with established corporations
A lot of people tend to think that a big company automatically means a higher level of security. This couldn’t be further from the truth. In a 2017 study conducted by Mozilla, only 50% of all websites are encrypted, and in some cases, even those that are don’t implement high-level encryption when storing login credentials.
A perfect example of this is LinkedIn, a company that is known worldwide. The company got hacked in 2012, and upon investigation, it was discovered that LinkedIn was not using high-level encryption to store user information, so it was fairly easy to decrypt. As of 2016, the number of users affected by the attack has reached more than 160 million.
Be sure to read our guide for more tips on improving your online privacy and security. And download Hotspot Shield to ensure your online activities are encrypted and shielded from hackers.