Debunking popular misconceptions regarding passwords and password managers

Due to the rising frequency of digital attacks, data breaches and the damage caused by internet criminals, the topic of digital security is getting more attention every day. Unfortunately, despite this attention, misconceptions, incorrect assumptions and ignorance still prevail regarding passwords, password managers and their supporting software. SaferPass will try to debunk some of these misconceptions and misunderstandings, because we think that heightened awareness and accurate knowledge of this ever more prevalent area of our lives can mitigate the risks and counter the threats that lurk around the web.


1. “Password strength checkers are accurate.”

Surely you’ve already stumbled on a registration screen that looks at the password you’ve entered and shows you in some fashion how “strong” it is. Unfortunately, many of these password strength checkers are influenced only by the length of a newly created password and not by its complexity. This is why you can easily get away with a laughable password like “1234567890” without any kind of ‘weak password’ warning.

The only benefit of password strength checkers is the fact that they make people think about entering stronger passwords when registering a new account.
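To make the point concrete, here is an added example (written for this article, not code from SaferPass or any real registration form) that puts a length-only checker next to one that also looks at what the password is made of. The thresholds, the tiny blocklist and the bit estimates are illustrative assumptions; a real checker would use a large leaked-password list.

```javascript
// Added example (not from the original post): a length-only strength
// checker beside one that also inspects the password's composition.
// Thresholds and the blocklist below are constructed for illustration.

// Naive checker: counts characters only, so "1234567890" scores "strong".
function lengthOnlyStrength(password) {
  if (password.length >= 10) return "strong";
  if (password.length >= 6) return "medium";
  return "weak";
}

// Tiny constructed blocklist standing in for a real leaked-password list.
const COMMON_PASSWORDS = new Set([
  "password", "1234567890", "12341234", "qwerty", "letmein",
]);

// True when every adjacent pair of characters differs by exactly +1 or -1
// in code point, e.g. "123456", "abcdef" or their reverses.
function isSequential(s) {
  if (s.length < 4) return false;
  const step = s.charCodeAt(1) - s.charCodeAt(0);
  if (Math.abs(step) !== 1) return false;
  for (let i = 1; i < s.length; i++) {
    if (s.charCodeAt(i) - s.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// Estimate the alphabet an attacker would have to search, then bits as
// length * log2(alphabet). This is only an upper bound (exact for random
// passwords, optimistic for human-chosen ones), so the pattern checks in
// compositionStrength() override it for obviously predictable input.
function estimateBits(password) {
  let alphabet = 0;
  if (/[a-z]/.test(password)) alphabet += 26;
  if (/[A-Z]/.test(password)) alphabet += 26;
  if (/[0-9]/.test(password)) alphabet += 10;
  if (/[^a-zA-Z0-9]/.test(password)) alphabet += 33;
  if (alphabet === 0) return 0;
  return password.length * Math.log2(alphabet);
}

function compositionStrength(password) {
  const lower = password.toLowerCase();
  if (COMMON_PASSWORDS.has(lower)) return "weak";   // known leaked value
  if (isSequential(lower)) return "weak";           // "123456789", "abcdefgh"
  if (/^(.)\1+$/.test(password)) return "weak";     // "aaaaaaaa"
  if (/^(.{1,4})\1+$/.test(password)) return "weak"; // "12341234", "abab"
  const bits = estimateBits(password);
  if (bits >= 60) return "strong";
  if (bits >= 40) return "medium";
  return "weak";
}

// Side-by-side demonstration for the value the article quotes.
console.log("1234567890:", lengthOnlyStrength("1234567890"), "vs", compositionStrength("1234567890"));
```

The length-only checker rates “1234567890” as strong; the second one rejects it because it is on the blocklist, and would still reject “123456789” or “abcdefgh” on the sequence check alone even if they were not. Note that a bit estimate on its own is not enough: it is the pattern and blocklist checks that catch the predictable passwords a length-based estimate overrates.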

2. “Passwords are safer with big companies.”

Big companies surely cannot afford to skimp on security measures, since they are a bigger and more tempting target for potential attackers. This line of thought is sadly entirely misleading: the size of the company is irrelevant. A staggering number of big companies continue to store their users’ passwords unencrypted, in plain text. Safety precautions have to be taken regardless of company size.

3. “Two-factor authentication is bulletproof.”

We, of course, accept the awesome power and effectiveness of two-factor authentication, but that doesn’t mean that it’s 100% infallible or unbreachable for attackers.

4. “I won’t entrust my passwords to a 3rd party.”

This logic is inherently flawed: your own browser is 3rd party software too. The probability of an attack is therefore just as high as with any other 3rd party software, so this concern shouldn’t make a difference for users who are still deciding whether or not using such software raises their security profile.

5. “A password manager is unnecessary for me.”

Many users haven’t gotten around to using password managers because they either don’t trust them, don’t know about everything they have to offer, or think that this “advanced” form of digital security is somehow redundant for them. Here is a quick list of the basic features a good password manager should offer to be considered safe and effective:

  • Includes mobile apps that can be used in concert with the desktop version for much higher security
  • Offers an extension directly for your browser
  • Is able to verify and create random and complex passwords
  • Is able to easily log you into all your accounts
  • Can remotely log you out of accounts which have been left logged in and unattended

6. “Passwords consisting of randomly chosen words creating a nonsensical phrase, e.g. ‘correct bridge sky rain’, are uncrackable with brute force, yet easy to remember.”

While this myth was true some years ago, digital criminals have upgraded their arsenal and added the so-called “rainbow tables” to their password-guessing software. These contain each and every combination of any and all words in a given language. A couple of years back this type of nonsensical password was as safe as a “12341234” password. This is no longer the case.

Hopefully, we’ve managed to shed some light on misleading assumptions and successfully debunked these myths regarding password security. If you’ve stumbled upon other interesting myths and misconceptions on this topic, please be sure to let us know. We’ll gladly and eagerly take a look.
