We all need passwords. They are by far the most used form of authentication, not only for accessing accounts over the internet, but also for phone banking, ATM use, opening a safe, and even to take books out of the library.
But misconceptions about passwords are pervasive. Knowing facts about passwords can help you set strong ones and keep your accounts safe.
Major misconceptions about passwords
Misconception 1: Passwords are not a secure authentication method
Passwords are not insecure compared with all of the other options, such as phone numbers, government ID, or biometrics. They are indeed the top authentication method, especially when enhanced with two-factor authentication.
But it’s crucial to use strong passwords. Here is what we expect from a good password:
- It is long and random, so that it can’t be guessed through brute forcing
- It is unique, meaning it you haven’t used it anywhere else
- It is transmitted over a secure channel, i.e., a proper HTTPS connection
Misconception 2: Passwords have a maximum length
When handled properly, passwords can be as long as they need to be. Although your password becomes exponentially more secure the longer it is, 17 characters is generally enough. But if you are encrypting highly sensitive data such as your personal files, you are better off with 23+ characters.
Misconception 3: Using diverse characters is paramount
Many services ask users to use letters (uppercase and lowercase), numbers, and symbols. But length is actually a more important aspect. As the ExpressVPN password generator demonstrates, a password becomes much more secure with added length than it does with more diverse characters.
Misconception 4: Password characters are limited to letters, numbers, and symbols
Depending on the site’s rules, your password could potentially be anything. This includes non-Latin script, rarely used Unicode, or even emojis. If you can type it, it’s a valid password.
Miconception 5: Passwords should be memorable
Strong passwords—long and random ones—are hard to remember, if not impossible. But there’s really no need to remember more than two or three passwords, because there’s an app for that.
Password managers are a great example of how security tools can make your life safer and more convenient and will generate and store secure and strong passwords without you having to worry about remembering them, ever. Some will even automatically fill your passwords into your websites, protecting you from typing them into a fake site or accidentally typing them elsewhere, like your Facebook status.
The only passwords you should have to remember are the password to your computer and the one for your password manager.
ExpressVPN now offers a password manager. Learn more about ExpressVPN Keys.
Misconception 6: Passwords are on their way out
While there may be many attempts to replace the password with something else, we currently have no idea how to do that securely.
While biometrics like facial recognition or fingerprints may be useful in identifying you, they lack in security and are therefore not good for authentication. Asymmetric cryptographic keys could be part of a new system, but they might still be susceptible to man-in-the-middle or phishing attacks.
Strengthen your password security
- Use a password manager. As mentioned above, a password manager lets you use strong passwords on all your accounts and avoid repeating passwords. This is because you don’t have to remember any passwords—except the one you use to access them all.
- Use two-factor authentication. This usually means requiring a second code that gets sent to your phone in order to login (although there are other methods). If someone does find out your password, they still won’t be able to access your account.
Protect your online privacy and security
30-day money-back guarantee