Before you got to this piece today, you must have had to turn on your device, enter your password and then get surfing the web from where you found this piece. For something we do as often as interact with passwords, it is suspiring to note that we might not really know much about them.
To put that in another way, the things we think we knew of passwords might not even be close to being true at all.
If you won’t take our word for it, here are a couple of things you must have gotten wrong about passwords too.
#Passwords are Going Extinct
Password is a form of technology. Like every other form of technology, too, there is the expectation of an upgrade from time to time. Seeing how fast the world is moving, it is very easy to think that passwords are going down the drain too.
That could not be more wrong.
Many times, this kind of thinking stems from the fact that we now have biometrics just about everywhere. Even our smartphones have fingerprint readers, iris scanners, facial recognition systems and such today.
However, it should be noted that all of these are still dependent on passwords. Afterall, your device prompts you to enter a password first before setting those up.
We don’t know about you, but that tells us that they are still very much important.
#Passwords can be un-hackable
There are a thousand and one ways by which hackers could get a hold of your password. Of these, we have the brute force attacks, phishing attempts, rainbow table attacks, malware attacks, dictionary and hybrid hacking models, and so much more.
Combining all of these, it is impossible to create a single password that cannot be hacked. Given time, the computer algorithm behind the hack will find out what password you are using.
Why, then, should you even bother about strong passwords?
While all passwords can be hacked, time is the defining factor. You could create a password that could be hacked in mere minutes to hours or have one which will take several years to crack. Yes – several years.
To get the latter, you should employ an online password generating software – and they come free too. Make sure you get a password manager to save the generated passwords too since there’s a slim chance you remember what it is.
Trust us when we say no hacker will stay on your account for several years just to get in.
#Eight characters are the standard
We believe this misconception stemmed from the recommendation of many websites, apps and platforms for users.
When creating an account, there will always be a prompt for the user to use at least, eight (8) characters in their password. This has been repeated so much that it has now become sort of a standard in the hearts of many users.
Honestly, that is not true.
In fact, Edward Snowden – who has worked with the NSA and knows way more about hacking than any of us probably would – believes an 8-character password will only take a computer mere seconds to hack. Mere seconds!
That is why we recommend making sure your passwords start from sixteen (16) characters. For highly sensitive data, use twenty-one (21) character passwords and above. Again, refer to the password generators (discussed above) for the best results.
Speaking of length…
#Length is everything
Users who are truly concerned about their data privacy and security tend to set long passwords – and that is advisable. But then, length is not always everything too.
Over time, numerous hacks have occurred which has, in turn, informed hackers of password setting habits of users. Thus, a lengthy password can be very predicable – especially by any of the hacking models we suggested above.
For example, a forty (40)-character password made up of a sentence might look secure, but it would be discovered by a dictionary hack in no time. If a couple of letter-to-symbol substitutions were made, a hybrid attack will take care of that in a couple of hours too.
This tells you that length is not the deciding factor, rather, the level of complexity that the password brings with it.
#Companies keep your password safe
The big companies invest a lot of money in ensuring your password data is safe, but that does not mean you should trust them all blindly. Due to the fact that they have a huge database of passwords, they are usually the target of hackers.
Afterall, the hacker could get a huge payday from such a huge database than targeting you directly.
With options like rainbow table attacks on the table, passwords stored as hashes are not even safe. Thus, you should always monitor your accounts for suspicious activity and change your password if you notice any.
Don’t rely on the companies to let you know when a breach happens either. If you don’t believe us, you should check out Uber who tried to hide a breach of 57 million accounts (of both riders and drivers) before they were found out.