University of Southern California

Clearing Up Misconceptions About What Makes a Strong Password

Posted on by mechling

Many people think they are creating strong passwords, when in reality they are making it relatively easy for hackers to infiltrate their accounts. Ensure that your password is as secure as possible by avoiding these common misconceptions:

“Replacing letters or words with digits will make my password more secure.” Hackers are prepared to test the most typical substitutions (! for i, 4 for for, 3 for eetc.), so using p@ssword instead of password will not dramatically improve the security of your account.

“Hackers will not be able to guess my password if I base it off a keyboard pattern.” Figuring that random strings of characters will be harder to guess than words or phrases, some users rely on generic key patterns to create their passwords, such as typing out the entire top string of letters (qwertyuiop). It turns out, these key pattern passwords are often the first guesses hackers make when trying to break into accounts.

“Passphrases are harder to guess than passwords.” This is true, to an extent: passphrases are harder to guess than passwords. However, this only applies if you use an obscure phrase. Common phrases like outofthepark and iloveyou are only slightly more secure than standard dictionary words.

Try to avoid these common mistakes as you create your next password. (If you created your current password based on one of these misconceptions, we recommend you change it as soon as possible.) You can look to our collection of password tips to come up with more secure password ideas. Finally, remember to never share your passwords with others; keeping your password private is one of the most critical steps you can take to protect your accounts.

Read more about password misconceptions:

http://www.securitymagazine.com/articles/87177-users-perceptions-of-password-security-dont-always-match-reality
http://lifehacker.com/5893510/using-common-phrases-makes-your-passphrase-password-useless-heres-how-to-pick-a-better-phrase
https://nakedsecurity.sophos.com/2016/06/07/can-you-spot-a-strong-password/

Comments are closed.