In today's world, computer security far too often takes a backseat to the drama, stories and feeds that engulf social media. So, as a late Computer Security Day post, I want to walk anyone who comes across this through the myths of password security and share some password hints and tips that apply on every platform.
MYTHS:
- Complex Passwords are #1
  - Password strength is directly related to password entropy, and adding length raises entropy far more efficiently than swapping letters for symbols.
  - FACT: While "P$s2#$%0" is a strong password, "golfhoneykangaroocookiedogbasket" is a stronger one.
  - Choose random words rather than names, repeating sequences, or well-known keyboard patterns such as "qwerty".
- Websites and Large Companies Securely Store Passwords
  - 50% of web apps store passwords unencrypted, i.e. as plain text.
- Password Checkers Force The Creation of Strong Passwords
  - Password checkers (the meters that rate your password when you sign up for a website) apply their own custom criteria to score "strength". Those subjective criteria are not necessarily best practice (EX: capping the password length).
- 2 Factor Authentication Allows for Weak Passwords
  - Like every security mechanism ever deployed, two-factor authentication has flaws.
  - Matthew Prince, CEO of CloudFlare, had his email compromised even after enabling two-factor authentication.
  - IT IS STILL A GOOD IDEA TO USE IT! HOWEVER, pair it with a STRONG password.
- CAPTCHAs Keep Your Accounts Safe
  - CAPTCHAs are not a security control; they do more to degrade the user interface than to keep attackers out.
  - Humans agree on the answer to a text-based CAPTCHA only 71% of the time, and solving one takes ~10s on average.
  - Humans agree on the answer to an audio-based CAPTCHA only 31.2% of the time, and solving one takes ~28s on average.
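To make the entropy argument under the first myth concrete, here is an added example (my own code, not part of the original post) that estimates the search space an attacker faces for "P$s2#$%0" versus the six-word passphrase. It assumes the attacker knows which character classes the password uses, and that passphrase words come from a 7776-word Diceware-style list; the guess rate of 1e10/s is likewise an assumed figure for illustration.

```python
from __future__ import annotations
import math
import string

# Character classes an attacker adds to the brute-force alphabet once they
# know (or guess) which kinds of characters the password contains.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumed word-list size (a Diceware-style list has 6^5 = 7776 words);
# the post does not name a list, so this is an assumption of the example.
WORDLIST_SIZE = 7776


def charset_size(password: str) -> int:
    """Alphabet size: the union of every class the password touches."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def char_entropy_bits(password: str) -> float:
    """Bits if each character is drawn uniformly from the alphabet."""
    return len(password) * math.log2(charset_size(password))


def passphrase_entropy_bits(words: list[str], wordlist_size: int = WORDLIST_SIZE) -> float:
    """Bits if each word is drawn uniformly from a word list of the given size.
    This is the attacker's view once they know the secret is made of words,
    so it is the honest figure for a passphrase, not the per-character one."""
    return len(words) * math.log2(wordlist_size)


def seconds_to_search(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to enumerate the whole space at a given guess rate."""
    return 2 ** bits / guesses_per_second


def compare(password: str, words: list[str]) -> dict:
    """Entropy estimates behind the post's claim that the passphrase is stronger."""
    return {
        "password_bits": char_entropy_bits(password),
        "passphrase_naive_bits": char_entropy_bits("".join(words)),  # overstates
        "passphrase_bits": passphrase_entropy_bits(words),           # attacker's view
    }


if __name__ == "__main__":
    words = ["golf", "honey", "kangaroo", "cookie", "dog", "basket"]  # the post's example
    for name, bits in compare("P$s2#$%0", words).items():
        days = seconds_to_search(bits) / 86400
        print(f"{name:22s} {bits:6.1f} bits  ~{days:.3g} days at 1e10 guesses/s")
```

Even on the conservative word-level model the passphrase comes out around 77 bits against roughly 52 bits for the eight-character symbol soup, which is the gap the myth section is pointing at.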
GOOD PASSWORD PRACTICES:
- Make your password at least 12-15 characters long
- Avoid common terms, repetitiveness, or common numbers (2580, 1234, etc.)
- Spread out the capital letters, special characters, and numbers
- Don't use the same password on multiple accounts
- Don't change your passwords frequently; make them stronger instead
- Don't use your username in your password
- Use two-factor authentication when available