3 Password Security Myths That Too Many of Us Believe

Akshata Shanbhag 17-12-2015

When it comes to protecting our passwords, we swing to extremes: either we get paranoid or we get careless. That isn’t helpful, especially when there are so many security myths floating around. Take the following three, for example.


1. “Two-factor authentication is failsafe.”

Yes, two-factor authentication (2FA) is a smart way to secure your online accounts, and everyone should use it, but it doesn’t make your accounts 100% impervious to hackers, and you can’t get away with weak passwords just because you have 2FA enabled.

That said, your accounts are a lot safer with 2FA protection than without it. Don’t forget to download the backup codes, though.

2. “Passwords are secure with big companies.”

Big brands can give you the illusion of security. Since they’re big, they must be more vulnerable to attacks, right? And therefore they take more measures to protect themselves and their users, right? That’s the reasoning we all fall prey to.


Sadly, that reasoning doesn’t work. Many companies are known to store passwords in unencrypted form (i.e., plain text). The size of the company doesn’t matter. That’s why, even for big-name accounts, you should continue to follow the same best practices that you follow for other accounts.
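To make the plain-text point concrete, here is a small Python example added to this article (not the author’s code and not any company’s actual scheme). It shows the difference between storing the password itself and storing a random salt plus a slow PBKDF2 hash: login recomputes the hash, while a leaked record no longer hands over the password verbatim. The function names and the record layout are this example’s own choices.

```python
import hashlib
import hmac
import os

# Added example: keep a salted, slow hash instead of the password itself.
# Record layout (this example's own choice): algorithm$iterations$salt_hex$hash_hex
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


def hash_password(password: str) -> str:
    """Return a storable record; a fresh random salt makes every record unique."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed rather than crash
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest, expected)


def record_reveals_password(record: str, password: str) -> bool:
    """What a leaked record gives away for free: True when the password can be
    read straight out of the stored value, as in the plain-text case."""
    return password in record


def build_user_table(users, hashed: bool) -> dict:
    """Constructed user table, stored either as plain text or as hash records."""
    return {name: (hash_password(pw) if hashed else pw) for name, pw in users}


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    sample = [("alice", "correct horse battery staple"), ("bob", "hunter2")]
    for hashed in (False, True):
        table = build_user_table(sample, hashed)
        exposed = [n for n, pw in sample if record_reveals_password(table[n], pw)]
        print("hashed" if hashed else "plain text", "-> readable from a leak:", exposed)
    record = build_user_table(sample, True)["bob"]
    print("login ok:", verify_password("hunter2", record),
          "| wrong password:", verify_password("hunter3", record))
```

The salt is what keeps two users with the same password from producing the same record, and the iteration count is what makes every guess against a leaked record cost real CPU time; both are missing by definition when a site stores plain text.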

3. “Password checkers are accurate.”

When you’re creating a password, having the password checker say something like “your password is 98% strong” can make you feel safe, but it’s not a reliable way to judge how vulnerable your password is to attack. The good news is that the password meter does make you serious about creating strong passwords.
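Here is a Python example added to this article (not the author’s code and not taken from any real password checker) that shows why a percentage from a meter can mislead. A naive meter that scores only length and character classes is placed beside a check that also looks for alphabet or keyboard sequences and common words. The word list and sequences are constructed for the demonstration; a real checker would use large dictionaries and lists of leaked passwords.

```python
import math
import string

# Added example, not from any real meter. Constructed word list and sequences.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin", "monkey"}
SEQUENCES = [string.ascii_lowercase, string.digits, "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def class_flags(pw: str):
    """Which of the four character classes the password uses."""
    return (any(c.islower() for c in pw), any(c.isupper() for c in pw),
            any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))


def naive_meter(pw: str) -> int:
    """Score 0-100 from length and class count only, as many simple meters do."""
    score = min(len(pw) * 6, 90) + 5 * sum(class_flags(pw))
    return min(score, 100)


def longest_sequence_run(pw: str) -> int:
    """Length of the longest run of pw found inside a known sequence,
    forwards or backwards (case-insensitive)."""
    low = pw.lower()
    best = 0
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(low)):
                for j in range(i + 1, len(low) + 1):
                    if low[i:j] in s:
                        best = max(best, j - i)
                    else:
                        break  # longer substrings from i cannot match either
    return best


def pattern_aware_meter(pw: str):
    """Return (score, reasons): discount predictable structure before
    crediting length, so a sequence or dictionary word is not rated strong."""
    reasons = []
    low = pw.lower()
    effective = len(pw)  # characters that really cost an attacker a guess
    for word in sorted(COMMON_WORDS):
        if word in low:
            reasons.append(f"contains common word '{word}'")
            effective -= len(word) - 1  # a dictionary word is roughly one guess
    run = longest_sequence_run(pw)
    if run >= 4:
        reasons.append(f"contains a {run}-character alphabet/keyboard sequence")
        effective -= run - 1
    if len(pw) >= 4 and len(set(low)) <= 2:
        reasons.append("mostly repeated characters")
        effective = min(effective, 2)
    lower, upper, digit, punct = class_flags(pw)
    alphabet = 26 * lower + 26 * upper + 10 * digit + len(string.punctuation) * punct
    bits = max(effective, 0) * math.log2(alphabet) if alphabet else 0.0
    score = max(0, min(100, round(bits / 60 * 100)))  # ~60 bits of guessing -> 100
    return score, reasons


def label(score: int) -> str:
    return "weak" if score < 40 else "fair" if score < 70 else "strong"


if __name__ == "__main__":
    # Constructed test passwords, including the 26-letter alphabet.
    for pw in ("password", "abcdefghijklmnopqrstuvwxyz", "qwerty123", "xK9#mQ2$vL7!"):
        naive = naive_meter(pw)
        aware, why = pattern_aware_meter(pw)
        print(f"{pw:28} naive={naive:3} ({label(naive)})  aware={aware:3} ({label(aware)})  {'; '.join(why)}")
```

The naive meter rates the whole alphabet as strong because it only sees 26 characters; the pattern-aware check treats that sequence as roughly one guess and scores it as weak. Even the better meter is only an estimate, which is the article’s point: no meter can tell you how a given cracker will actually prioritise its guesses.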

Debunked myths like these can help you pay attention to your digital security and still accept that there’s only so much you can do about it.

Are there any password security myths that you believed to be true and yet got dispelled? Tell us about them!

Image Credit: Password Note by shutteratakan via Shutterstock


  1. Mary
    January 4, 2016 at 3:53 am

    Happy new year Akshata,

    I produce a morning business hour on WGN Radio in Chicago from 5-6 a. We'd like to have you on to discuss this piece about password myths. We can have you on live or we can do a pre tape any time. Let me know if you are interested... 312-222-5004. Thanks!

  2. Anonymous
    December 18, 2015 at 3:06 pm

    Personally I use a system of passwords composed of numbers, special characters and both upper and lower case letters. The system is easy enough for me to remember but not so obvious to hack even to someone who knew the system as well. In fact at times even I get it wrong, but knowing that there are only so many permutations I can get it right with a few tries. No defense is foolproof, of course, but since I never shared this system with anyone I'm relatively confident that I'm reasonably safe.

    That applies only to ordinary sites, though. For bank accounts and other sensitive online services I use completely random password credentials that I keep written down on paper, scattered around my house with no indications as to what they unlock, and I only access those services from amnesic operating systems bootable from USB drives (TAILS) and never, ever, from a mobile device.

  3. Anonymous
    December 17, 2015 at 4:27 pm

    Another myth (which was probably accurate at the time) is that a "passphrase" like "correct horse battery staple" - see - would be uncrackable yet easy to memorize; since then, password cracker apps have added "rainbow tables" of all the common English words, meaning they're completely unsafe now.

  4. Anonymous
    December 17, 2015 at 3:46 pm

    "The good news is that the password meter does make you serious about creating strong passwords."
    Depending on which password checker/meter you use. Just for giggles, I put a password made up of the 26 consecutive letters of the English alphabet into several checkers. Some, correctly, rated this password as weak. Unfortunately, others announced it to be 99.99% strong and uncrackable in quadrillions of years, which is patently wrong (and extremely dangerous).

    • Akshata Shanbhag
      December 18, 2015 at 1:12 am

      Your test results are in sync with what I have mentioned in the article: password meters are inaccurate.

      The bit about password meters making you serious about creating strong passwords refers to the fact that the meters act as a wake-up call for people who would otherwise type in short, common passwords like password or user123456...

  5. Anonymous
    December 17, 2015 at 1:28 pm

    Instead Of Using Your Own Brain For Creating And Remembering Individual Passwords, You Trust All Your Life Keys To Third Party Services Or Software.

    What Could Possibly Go Wrong ?


    • Anonymous
      December 17, 2015 at 3:37 pm

      The master password to your Password Manager can be hacked, exposing all the other passwords. :-)

      • BlackOnyx
        December 17, 2015 at 10:39 pm

        Why not use the bio scanners (fingerprint or face recognition) as your password manager?
        Now whether you share that information with someone (you trust).
        And if the person has removed your finger/eye ... then you are in far deeper trouble than worrying about your passwords. ;)

      • Kilroy
        December 17, 2015 at 10:46 pm

        That's why you select a strong password for your password manager. Hopefully your password manager uses a method that makes brute forcing your password a time consuming task. It may only take a second per guess, but that makes it not worth attempting a brute force attack as you can only make 86,400 attempts per day. That may sound like a lot, but that is less than a five digit password and about one fifth of a four letter lower case password. It would take 2,513,659 days to brute force an eight character lower case password.

        You have to select the correct password manager. I use LastPass, I know recently purchased by LogMeIn. LastPass only stores an encrypted copy of your user names and passwords. The best part is that LastPass can't decrypt the data they store for you.

        Humans are not capable of random. Even when we try to be random we construct patterns.

        Passwords need to die, but until they do a good password manager is the only real solution.

      • Anonymous
        December 18, 2015 at 9:13 am

        I Hope You Realized I Was Being Sarcastic.