
Passwords Suck: Here Are 4 Ways We Can Fix Them

by Dewzilla, June 2nd, 2021

Too Long; Didn't Read

Passwords are a critical part of cybersecurity that individuals and businesses use every day.


With so many websites and platforms on which we set complicated passwords, remembering them is becoming a memory challenge. Naturally, most of us forget passwords from time to time. 

In 2004, Gates predicted that passwords would die out. But, in 2021, we are still using them to log into our social platforms and emails, among many other uses.

There were also other criticisms regarding the level of security and protection passwords provide. Cybersecurity professionals and businesses criticize individuals for bad password choices, without noting that the technologies themselves allow such passwords to be set. However, many people continue to set weak passwords and appear to be oblivious to common best practices.

Many businesses provide no upfront instructions on how to pick the passwords they require us to have. This is probably because they believe we already know or can find out this information elsewhere. However, the fact that individuals continue to use weak passwords implies that these businesses have an optimistic view.

Besides individuals, business professionals and digital marketers usually deal with different passwords for various business channels. Web security in digital marketing is an important topic, especially with the increasing rates of cyberattacks and fraud.

Passwords are a critical part of cybersecurity that individuals and businesses use every day. Furthermore, passwords do not look to be going away anytime soon.

4 Password Tips and Ideas

1- Lengthy Passwords

Businesses ask us to register when we want to look up something on their website or use their online services. Then, while we are registering they ask us to set a password. We set one, they don’t accept it and ask us for a “complicated” password. But, what is a complicated password?

Registration forms normally require at least 8 characters, including a capital letter, a number, and a special character. The complexity that websites require for users’ passcodes has been changing and evolving through the history of web design. This is because web developers and businesses are finding new ways to protect user accounts from cyberattacks.

Although complexity can make a password hard to guess, cybersecurity professionals think that lengthy passwords are better. That is, a lengthy password made up of a combination of unrelated words is more secure than a complex one.

This is a recommendation by the National Cyber Security Centre, and it is beneficial for both setting and remembering passwords.
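A passphrase generator for the "unrelated words" advice above, added here as an illustration and not part of the original article. The 16-word list is constructed so the block runs offline, the 7776-word list size used in the comparison is an assumption, and all function names are this example's own; it also covers sites that insist on a capital letter, digit and symbol.

```python
import math
import secrets

# Constructed 16-word sample so the example runs offline. A real generator
# draws from a list of thousands of words (7776 is assumed in the math below).
SAMPLE_WORDS = ["lantern", "orbit", "velvet", "cactus", "harbor", "pickle",
                "tundra", "magnet", "saddle", "whisper", "gravel", "falcon",
                "nectar", "puzzle", "ribbon", "anchor"]
DIGITS = "0123456789"
SYMBOLS = "!#$%&*+-=?@"

def passphrase(wordlist, n_words=3, sep="-"):
    """Join n_words picked independently with a CSPRNG (not random.choice)."""
    if n_words < 1 or len(set(wordlist)) < 2:
        raise ValueError("need at least one word and a list of distinct words")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def for_composition_rules(wordlist, n_words=3):
    """Variant for sites that demand a capital, a digit and a symbol:
    capitalise each word and use a random digit and random symbols as the
    separators, so the length is kept and nothing predictable is appended."""
    if n_words < 3:
        raise ValueError("need three or more words to fit a digit and a symbol")
    words = [secrets.choice(wordlist).capitalize() for _ in range(n_words)]
    seps = [secrets.choice(DIGITS)]
    seps += [secrets.choice(SYMBOLS) for _ in range(n_words - 2)]
    out = words[0]
    for s, w in zip(seps, words[1:]):
        out += s + w
    return out

def bits_passphrase(n_words, list_size):
    """Guessing space in bits when every word is chosen at random."""
    return n_words * math.log2(list_size)

def bits_random_chars(length, alphabet_size=94):
    """Bits for a password of uniformly random printable ASCII characters.
    People rarely choose characters uniformly, so real ones score lower."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, list_size):
    """How many random words reach a target strength: each word adds a
    fixed number of bits, so strength grows with length."""
    return math.ceil(target_bits / math.log2(list_size))
```

Each extra word from a 7776-word list adds about 12.9 bits, which is why the number of words matters more than decorating a short password.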

2- In Advance Guidance

Another problem we face when choosing passwords is that websites don’t provide guidelines and criteria from the start. Many sites only reveal their password-choosing rules after we try combinations that aren't allowed.

When attempting to create a password for such websites, you will be informed that you need to choose a stronger password.

Yet a password that these platforms consider strong and accept without complaining doesn’t seem to be that secure! These passwords can be brief and predictable, and yet these security systems accept them.

For example, if you attempt passwords like “abcde1” or “12345a”, they are accepted without any error, even though we all know that such choices are very predictable and simple to guess.

Some websites apply tactics such as password meters to assess our selections. But that cannot compensate for a lack of guidance. While these meters provide some feedback, they are not a replacement for offering insight into what a good password looks like.

When you choose a bad password on these websites, the only feedback you receive is that it’s very weak. They don’t suggest anything to improve it or explain the reason for the weakness.
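A registration check that publishes its rules up front and answers with specific reasons instead of "very weak", added here as an example and not code from the article or any real site. The 12-character minimum, the `naive_policy` rule and the short common-password list are assumptions made for the illustration.

```python
import re

MIN_LENGTH = 12  # assumption for this example; the article names no number
# Text the form would display before the user types anything.
RULES_SHOWN_UPFRONT = (
    f"Use at least {MIN_LENGTH} characters; three unrelated words work well.",
    "Avoid sequences such as abcde or 12345 and repeated characters.",
    "Avoid well-known passwords, even with digits or punctuation added.",
)
COMMON = {"password", "qwerty", "letmein", "welcome", "iloveyou"}  # constructed sample

def naive_policy(pw):
    """Assumed rule of the kind criticised above: 6+ chars, a letter, a digit."""
    return bool(len(pw) >= 6 and re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw))

def longest_run(pw):
    """Longest ascending, descending or repeated run, e.g. 5 for 'abcde1'."""
    text = pw.lower()
    best, run, prev = (1 if text else 0), 1, None
    for a, b in zip(text, text[1:]):
        step = ord(b) - ord(a)
        if step in (-1, 0, 1):
            run = run + 1 if step == prev else 2
            prev = step
        else:
            run, prev = 1, None
        best = max(best, run)
    return best

def feedback(pw):
    """Return specific reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"Too short: {len(pw)} characters, need {MIN_LENGTH}. "
                       "Add another unrelated word.")
    run = longest_run(pw)
    if run >= 4:
        reasons.append(f"Contains a {run}-character sequence or repeat, "
                       "which is easy to guess.")
    if pw.lower().strip("0123456789!?.") in COMMON:
        reasons.append("This is a well-known password with digits or "
                       "punctuation added.")
    return reasons
```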

3- Recovering a Password

You usually register on websites by entering your email address and/or cell phone number. When you forget the password, you can simply click on the “forgot password” link. It is often found next to the login button.

Then, the website will ask for your email address or mobile number to check and identify your account.

After this step, they send you an email regarding your password change. The email includes a link, and when clicked on, it leads to a page where you can set a new password.

Sometimes, you don’t receive the email containing the password change link. If that’s the case, check your email’s junk or spam folder. If it is not there either, you can contact customer support to resolve your passcode issue.

4- Strong Passwords

Of course, having emphasized the lack of decent guidance, it would be irresponsible to conclude without providing some. The National Cyber Security Centre’s password guidelines are presented and briefly described here:

  • Use a strong and distinct password for your email, as this is frequently your gateway to other accounts. It's a good idea to complement this with the advice “don’t use the same password across several accounts,” as there is the risk of a breach of one account leading to a breach of all.
  • Make strong and long passwords out of three random words - this will result in better, more memorable passwords. However, many websites won’t allow you to choose a password without using symbols and numbers.
  • Keep your passwords in your browser to avoid forgetting or losing them. Remember, you should only save passwords in the browser when you are working on your private computer. Avoid saving passwords on a university, library, or even a friend’s laptop.
  • Enable two-factor authentication, which adds an extra layer of security even if your password is hacked. Google Authenticator (GA) is a practical tool for this purpose. You can download it on your phone and connect it to your account on the website by scanning a QR code. Whenever you log in or trigger a sensitive request (e.g. a financial transaction), you can enter the GA-generated code.
  • Don’t share passwords with other people, since it would not be your password anymore.
  • Don’t keep a record of them that can be found by other people easily. It is OK, though, to keep them in a secure area, such as a password management program.